Page 1 of 1
MD5 problem...
Posted: Sun Mar 14, 2004 1:44 pm
by Joe
Recently I have been doing all sorts of things to keep my website protected. The part that I am working on just now is hashing the users chosen password using MD5 and all works well apart from the fact that I am clueless on how to actually decrypt it so the user can login when they visit the site. Please help?
Regards
Joe

Re: MD5 problem...
Posted: Sun Mar 14, 2004 1:55 pm
by TheBentinel.com
Joe wrote:Recently I have been doing all sorts of things to keep my website protected. The part that I am working on just now is hashing the users chosen password using MD5 and all works well apart from the fact that I am clueless on how to actually decrypt it so the user can login when they visit the site. Please help?
Regards
Joe

You probably don't need to decrypt it. Just encrypt the password they hand you when they log in and compare it to your stored, encrypted password. If they match, then they gave you the right password.
Posted: Sun Mar 14, 2004 2:04 pm
by Joe
Ya hey man thanks. I cannot believe I never thought of that. Anyway thanks again!
regards
Joe

Posted: Sun Mar 14, 2004 2:31 pm
by penguinboy
Yeah, you can not 'decrypt' a md5 hash.
Posted: Sun Mar 14, 2004 5:31 pm
by thomasd1
penguinboy wrote:Yeah, you can not 'decrypt' a md5 hash.
really?
Posted: Sun Mar 14, 2004 5:35 pm
by Illusionist
thomasd1 wrote:penguinboy wrote:Yeah, you can not 'decrypt' a md5 hash.
really?
no... you can't 'decrypt' it, but you can crack it
Posted: Sun Mar 14, 2004 5:45 pm
by PrObLeM
Posted: Sun Mar 14, 2004 5:50 pm
by Illusionist
uhm....
Posted: Sun Mar 14, 2004 6:27 pm
by m3mn0n
Sure you can brute force an md5 hash.
You can also create an md5 dictionary...heh
viewtopic.php?t=19069
Posted: Sun Mar 14, 2004 7:21 pm
by Black Unicorn
The whole idea of Md5 is that people can't see the actual password an md5 represents. I suppose you can do tricks to confuse people brute-forcing md5s by prepending a given length of garbish and appending some to the hash heh ... poor things wouldn't know where it begins or ends. Not that I ever bothered using this approach.
Sincerly,
H Rage
Posted: Mon Mar 15, 2004 3:07 am
by JayBird
just so you all know
I must point out to all the people who read the notes this far that MD5 is _not_ encryption in a traditional sense. Creating an MD5 digest (or hash) of a message simply creates 128 bits that can be used to almost positively identify that message or object in the future. You use MD5 if you want to validate that information is true. For example, you may ask a user to submit a message through a browser POST and save an MD5 of that message in a database for a preview function. When the user submits it the second time, running the MD5 hash of the new version of the text and comparing it to the original MD5 in the database will tell you if the text has changed at all. This is how MD5 is used -- it is _not_ for encrypting things so as to get the data back afterward -- the MD5 hash version does _not_ contain the data of the original in a new form.
Mark