MD5 problem...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

MD5 problem...

Post by Joe »

Recently I have been doing all sorts of things to keep my website protected. The part that I am working on just now is hashing the users chosen password using MD5 and all works well apart from the fact that I am clueless on how to actually decrypt it so the user can login when they visit the site. Please help?

Regards


Joe 8)
TheBentinel.com
Forum Contributor
Posts: 282
Joined: Wed Mar 10, 2004 1:52 pm
Location: Columbus, Ohio

Re: MD5 problem...

Post by TheBentinel.com »

Joe wrote:Recently I have been doing all sorts of things to keep my website protected. The part that I am working on just now is hashing the users chosen password using MD5 and all works well apart from the fact that I am clueless on how to actually decrypt it so the user can login when they visit the site. Please help?

Regards


Joe 8)
You probably don't need to decrypt it. Just encrypt the password they hand you when they log in and compare it to your stored, encrypted password. If they match, then they gave you the right password.
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

Ya hey man thanks. I cannot believe I never thought of that. Anyway thanks again!

regards


Joe 8)
penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

Post by penguinboy »

Yeah, you can not 'decrypt' a md5 hash.
User avatar
thomasd1
Forum Commoner
Posts: 80
Joined: Sat Nov 22, 2003 2:48 pm
Location: Belgium

Post by thomasd1 »

penguinboy wrote:Yeah, you can not 'decrypt' a md5 hash.
really?
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

thomasd1 wrote:
penguinboy wrote:Yeah, you can not 'decrypt' a md5 hash.
really?
no... you can't 'decrypt' it, but you can crack it
User avatar
PrObLeM
Forum Contributor
Posts: 418
Joined: Sun Mar 07, 2004 2:30 pm
Location: Mesa, AZ
Contact:

Post by PrObLeM »

Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

uhm....
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Sure you can brute force an md5 hash.

You can also create an md5 dictionary...heh

viewtopic.php?t=19069
Black Unicorn
Forum Commoner
Posts: 48
Joined: Mon Jun 16, 2003 9:19 am
Location: United Kingdom

Post by Black Unicorn »

The whole idea of Md5 is that people can't see the actual password an md5 represents. I suppose you can do tricks to confuse people brute-forcing md5s by prepending a given length of garbish and appending some to the hash heh ... poor things wouldn't know where it begins or ends. Not that I ever bothered using this approach.

Sincerly,
H Rage
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

just so you all know
I must point out to all the people who read the notes this far that MD5 is _not_ encryption in a traditional sense. Creating an MD5 digest (or hash) of a message simply creates 128 bits that can be used to almost positively identify that message or object in the future. You use MD5 if you want to validate that information is true. For example, you may ask a user to submit a message through a browser POST and save an MD5 of that message in a database for a preview function. When the user submits it the second time, running the MD5 hash of the new version of the text and comparing it to the original MD5 in the database will tell you if the text has changed at all. This is how MD5 is used -- it is _not_ for encrypting things so as to get the data back afterward -- the MD5 hash version does _not_ contain the data of the original in a new form.
Mark
Post Reply