Page 1 of 1
Decrypting md5 encryption
Posted: Thu Sep 13, 2007 4:36 pm
by psychotomus
how can I decrypt md5 encryption? I need to decrypt all my user passwords in my database then insert them in a new database. my old database with all there username and passwords crashed so I need to redo it.
Posted: Thu Sep 13, 2007 4:40 pm
by tecktalkcm0391
you can't sorry. MD5 is one way only, but md5 will always do the output same as input, so there is no need to decrypt.
Posted: Thu Sep 13, 2007 5:06 pm
by psychotomus
sorry but there has to be some way. If there is no need to decrypt it then how do I convert them to regular strings
Posted: Thu Sep 13, 2007 5:27 pm
by Josh1billion
Like the other guy said, md5 is one-way. The way people use MD5 to check passwords (when logging in) is to check the MD5 of what a user entered against the stored MD5 of the password, like this:
Code: Select all
if (md5($password_entered) == $md5_of_pass_stored) { // passwords match, so log the user in }
So there's no way to convert back. Just use a system similar to what I described.
Posted: Thu Sep 13, 2007 5:28 pm
by volka
psychotomus wrote:If there is no need to decrypt it then how do I convert them to regular strings
You don't. Simple as that.
And there's no need to if you only want to transfer them from one database to another.
Posted: Thu Sep 13, 2007 6:02 pm
by tecktalkcm0391
"MD5 Encryption is a way of encoding information using a mathematical formula or "hash" which gives an unreversible and unique code"
(http://www.allhype.co.uk/scripts/md5/).
Posted: Thu Sep 13, 2007 7:51 pm
by seodevhead
Isn't there a program called "Jack The Ripper" that can decrypt md5? It doesn't decrypt it rather, but is very quick at making a match.
Posted: Fri Sep 14, 2007 12:07 am
by s.dot
md5() is a hashing algorythm, not an encryption.
the values of md5() generated hashes are meant to be checked against, not deciphered.
You will be able to transfer the hashes to a different database without messing up anything.
Posted: Fri Sep 14, 2007 3:30 am
by superdezign
When people refer to "decrypting" MD5, they don't so much mean that they can get the original data, but rather that they can get a string that produces the same MD5 hash, thus making it so that they don't need the original data.
And why exactly would you need to do this? You shouldn't ever need your user's passwords anyway.
Posted: Fri Sep 14, 2007 2:00 pm
by uberdragon
I would have to agree.
1) There is absolutely no reason for you to know your users passwords. If they can't remember generate a new password and hash.
2) You cannot reverse engineer md5. The only thing possible is a rainbow attack and that is only going to work for the users using a password that was unlucky enough to be included in the database. In order to get a password from md5 what is actually happening is the program looks up the hash and matches it to the already known password.