PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Recently I have been doing all sorts of things to keep my website protected. The part that I am working on just now is hashing the users chosen password using MD5 and all works well apart from the fact that I am clueless on how to actually decrypt it so the user can login when they visit the site. Please help?
Joe wrote:Recently I have been doing all sorts of things to keep my website protected. The part that I am working on just now is hashing the users chosen password using MD5 and all works well apart from the fact that I am clueless on how to actually decrypt it so the user can login when they visit the site. Please help?
Regards
Joe
You probably don't need to decrypt it. Just encrypt the password they hand you when they log in and compare it to your stored, encrypted password. If they match, then they gave you the right password.
The whole idea of Md5 is that people can't see the actual password an md5 represents. I suppose you can do tricks to confuse people brute-forcing md5s by prepending a given length of garbish and appending some to the hash heh ... poor things wouldn't know where it begins or ends. Not that I ever bothered using this approach.
I must point out to all the people who read the notes this far that MD5 is _not_ encryption in a traditional sense. Creating an MD5 digest (or hash) of a message simply creates 128 bits that can be used to almost positively identify that message or object in the future. You use MD5 if you want to validate that information is true. For example, you may ask a user to submit a message through a browser POST and save an MD5 of that message in a database for a preview function. When the user submits it the second time, running the MD5 hash of the new version of the text and comparing it to the original MD5 in the database will tell you if the text has changed at all. This is how MD5 is used -- it is _not_ for encrypting things so as to get the data back afterward -- the MD5 hash version does _not_ contain the data of the original in a new form.