i have few quesions :
1) is it possible at all to decrypt an md5 encryption? if yes then how?
2)can i encrypt using my own key?
thnaks in advance
peleg
encrypting with md5
Moderator: General Moderators
MD5 - Hashing
RSA - Encryption
MD5 is often used to check differences between files. Take a file test.txt write 'hello' and then take text2 and write 'hellow' the md5 sum will be different. It's almost impossible to get 2 md5sums that are the same. Also you can use it to check passwords on a site, though it's only so that if you have people that can access your database cannot see the passwords in text, but only in hashes. That way you can protect your passes from your admin.
But passwords are still sent cleartext so you use SSL "encryption" which basically is a safe that you send to other people and only people that have the same keys to open it.
Yeah, in simple terms that's the diff.
RSA - Encryption
MD5 is often used to check differences between files. Take a file test.txt write 'hello' and then take text2 and write 'hellow' the md5 sum will be different. It's almost impossible to get 2 md5sums that are the same. Also you can use it to check passwords on a site, though it's only so that if you have people that can access your database cannot see the passwords in text, but only in hashes. That way you can protect your passes from your admin.
But passwords are still sent cleartext so you use SSL "encryption" which basically is a safe that you send to other people and only people that have the same keys to open it.
Yeah, in simple terms that's the diff.
feyd wrote:1) yes, generally, brute force
2) there is no key, it's a hashing routine.
Its impossible to decrypt an md5 hash, its what is called a one way hash, brute force however is the only means to get the original data. Don't confuse brute forcing with decrypting, they are NOT the same.
The way md5 can be used is as such:
A users password is stored (md5'ed) in a database
when a user logs in they enter there password in cleartext
php md5's this clear text version of the password
php compares the newly hased password with the one in the database
if they are the same grant access
else dont.[/b]
isnt this md5 decryption
Code: Select all
<?php
function bytexor($a,$b,$l)
{
$c="";
for($i=0;$i<$l;$i++) {
$c.=$a{$i}^$b{$i};
}
return($c);
}
function binmd5($val)
{
return(pack("H*",md5($val)));
}
function decrypt_md5($msg,$heslo)
{
$key=$heslo;$sifra="";
$key1=binmd5($key);
while($msg) {
$m=substr($msg,0,16);
$msg=substr($msg,16);
$sifra.=$m=bytexor($m,$key1,16);
$key1=binmd5($key.$key1.$m);
}
echo "\n";
return($sifra);
}
function crypt_md5($msg,$heslo)
{
$key=$heslo;$sifra="";
$key1=binmd5($key);
while($msg) {
$m=substr($msg,0,16);
$msg=substr($msg,16);
$sifra.=bytexor($m,$key1,16);
$key1=binmd5($key.$key1.$m);
}
echo "\n";
return($sifra);
}
// Example of usage...
$message = "This is a very long message, but it is very secret and important
and we need to keep the contents hidden from nasty people who might want to steal it.";
$key = "secret key";
$crypted = crypt_md5($message, $key);
echo "Encoded = $crypted<BR>"; // returns ¦ý¼=¯ ¶òºÏ`¬ù<ÂH ëÇ{.‡1º{ïåMD5 is a hashing routine and de-hashing it can years and years unless the MD5 hash is dictionary related or if it was a simple word, therefore it could be broken via a bruteforcer.
Try this simple dictionary attack : http://www.securitystats.com/tools/hashcrack.php
Try this simple dictionary attack : http://www.securitystats.com/tools/hashcrack.php
- Buddha443556
- Forum Regular
- Posts: 873
- Joined: Fri Mar 19, 2004 1:51 pm
If your looking for data encryption you might want to checkout Mcrypt PHP extension.
Last edited by Buddha443556 on Sun Jul 18, 2004 3:51 pm, edited 1 time in total.