Hi all,
I've been creating a user management system which allows users to register, log in, log out and manage their profiles.
Login script works like this: Gets username and password from username and password textboxes, MD5 encrypts the password, and compares the username and password to that of the database. If everything is OK, then logs in, otherwise doesn't login.
I added gmail-like "remember me" option to the script. If the user checks to remember the username and password, then the script will set cookies with username and MD5 encrypted password. The next time when the page is loaded, the script checks if username and password cookies had been set. If yes, those values will be shown on username and password textboxes as google does. When I get values from cookies, I will have a username, and a MD5 encrypted password, right? So, with these values, if I submit the form, my login script encrypts the password again, which is already encrypted.
There comes my question. How do I do so that MD5 encrypted password that is stored in $_COOKIES variable, can be shown as a normal password in the password textbox.
Or any other solutions to the problem???
Thank you for your time.
a question about cookies and MD5
Re: a question about cookies and MD5
I don't believe Google actually writes the username/password values into those boxes; it is most likely your browser doing that. Most "remember me" cookie setups usually just store a token/key/whatever you want to call it so that your code knows exactly who the person is based on this cookie value, and then assumes that since that cookie is set, that they are who they say they are and logs them in anyway.
- feyd
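The token approach described in the reply above, as an added example that is not part of the original thread: the cookie carries a random, single-use token rather than the username and MD5 of the password, and the server keeps only a hash of that token. The function names, the selector/validator split and the in-memory `$store` (standing in for a database table) are assumptions made for this sketch.

```php
<?php
// Added example: remember-me via a random token instead of the password hash.
// $store stands in for a database table (hypothetical); keys are selectors.

function issueRememberToken(array &$store, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, only ever sent to the browser
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // server keeps only the hash
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function checkRememberToken(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown token
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: caller issues a fresh one
    if ($row['expires'] < time()) {
        return null;                         // expired
    }
    // Constant-time comparison of the stored hash with the presented validator.
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['user_id'] : null;
}

// Constructed demo: user 42 ticks "remember me", then comes back later.
$store  = [];
$cookie = issueRememberToken($store, 42);
// On a real page the value would be sent with:
// setcookie('remember', $cookie, ['expires' => time() + 1209600, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(checkRememberToken($store, $cookie));   // first presentation of a valid token
$fresh = issueRememberToken($store, 42);         // re-issued after the successful check
var_dump(checkRememberToken($store, $cookie));   // replay of the old cookie
var_dump(checkRememberToken($store, 'bogus'));   // malformed cookie value
```

Because the password (or its hash) never leaves the server, a stolen cookie can be revoked by deleting its row, and the login form never needs to be pre-filled from cookie data.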
beemzet wrote: How do I find the length of original MD5 encrypted string?
In PHP, strlen(). In JavaScript, the length property.
beemzet wrote: And also, why use MD5 encryption when there is a way to decrypt them? Take a look at here
You're the one talking about MD5, why did you choose it? We often suggest SHA256 as it's much stronger. We also recommend salts, peppers and a dash of nutmeg for rich flavor.
Quote: How do I find the length of original MD5 encrypted string?
You would have to store that information while you have the original data. But why?
beemzet wrote: And also, why use MD5 encryption when there is a way to decrypt them? Take a look at here
Those "decrypt" pages are usually based on rainbow tables, large pre-computed tables that contain many many md5 hashes. It's very unlikely that they contain the hash for e.g. lepton34bose_ (unless someone adds this hash right now)
The funny thing about that site is it probably doesn't have every computation. But when you do part one (find the MD5/SHA1 hash), it adds that to its own lookup. I'm gonna test my theory to find out for sure though 
EDIT: That site doesn't use a true hash of MD5 or SHA1. They've made their own variation that is decryptable, so it would appear there is no rainbow table for it.