Decrypting md5 encryption
Moderator: General Moderators
-
psychotomus
- Forum Contributor
- Posts: 487
- Joined: Fri Jul 11, 2003 1:59 am
Decrypting md5 encryption
how can I decrypt md5 encryption? I need to decrypt all my user passwords in my database then insert them in a new database. my old database with all there username and passwords crashed so I need to redo it.
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
-
psychotomus
- Forum Contributor
- Posts: 487
- Joined: Fri Jul 11, 2003 1:59 am
- Josh1billion
- Forum Contributor
- Posts: 316
- Joined: Tue Sep 11, 2007 3:25 pm
Like the other guy said, md5 is one-way. The way people use MD5 to check passwords (when logging in) is to check the MD5 of what a user entered against the stored MD5 of the password, like this:
So there's no way to convert back. Just use a system similar to what I described.
Code: Select all
if (md5($password_entered) == $md5_of_pass_stored) { // passwords match, so log the user in }- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
"MD5 Encryption is a way of encoding information using a mathematical formula or "hash" which gives an unreversible and unique code" (http://www.allhype.co.uk/scripts/md5/).
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
md5() is a hashing algorythm, not an encryption.
the values of md5() generated hashes are meant to be checked against, not deciphered.
You will be able to transfer the hashes to a different database without messing up anything.
the values of md5() generated hashes are meant to be checked against, not deciphered.
You will be able to transfer the hashes to a different database without messing up anything.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
When people refer to "decrypting" MD5, they don't so much mean that they can get the original data, but rather that they can get a string that produces the same MD5 hash, thus making it so that they don't need the original data.
And why exactly would you need to do this? You shouldn't ever need your user's passwords anyway.
And why exactly would you need to do this? You shouldn't ever need your user's passwords anyway.
- uberdragon
- Forum Newbie
- Posts: 11
- Joined: Thu Apr 27, 2006 8:54 am
- Location: Farmington, CT
I would have to agree.
1) There is absolutely no reason for you to know your users passwords. If they can't remember generate a new password and hash.
2) You cannot reverse engineer md5. The only thing possible is a rainbow attack and that is only going to work for the users using a password that was unlucky enough to be included in the database. In order to get a password from md5 what is actually happening is the program looks up the hash and matches it to the already known password.
1) There is absolutely no reason for you to know your users passwords. If they can't remember generate a new password and hash.
2) You cannot reverse engineer md5. The only thing possible is a rainbow attack and that is only going to work for the users using a password that was unlucky enough to be included in the database. In order to get a password from md5 what is actually happening is the program looks up the hash and matches it to the already known password.