how to descript the password
Moderator: General Moderators
how to descript the password
hi friends,
i am using the md5() for encript the password. it gives the 32 bit char working fine. i want descript the password.how can i get.
<?php
$password='sample';
$desc_pass=md5($password);
echo $desc_pass;
Results: 5e8ff9bf55ba3508199d22e984129be6;
?>
i want results Descript. Please help to me.
Regards
prakumma.
i am using the md5() for encript the password. it gives the 32 bit char working fine. i want descript the password.how can i get.
<?php
$password='sample';
$desc_pass=md5($password);
echo $desc_pass;
Results: 5e8ff9bf55ba3508199d22e984129be6;
?>
i want results Descript. Please help to me.
Regards
prakumma.
Re: how to descript the password
i dont think there is any other method to decrypt a string encoded with md5().
This logic md5() is used as a secure store medium to store some sensitive data like password which can be checked again.
Let me show you a usage.
This logic md5() is used as a secure store medium to store some sensitive data like password which can be checked again.
Let me show you a usage.
Code: Select all
$sample1 = 'somecode';
$encrypted = md5($sample1);
//now if u want to check if the given is the same code, you will need to do this..
//on another page for authentication
$sample2 = 'somecode';
$encrypted2 = md5($sample2);
if($encrypted==$encrypted2)
{
echo "comparision successful";
}
else
{
echo "comparision not succesful";
}
Re: how to descript the password
It's not meant to be decrypted. You match the encrypted strings, if not match = no login.
Re: how to descript the password
And for TS: "not meant to" here means "is not possible".papa wrote:It's not meant to be decrypted.
So if you meant with "Descript" to convert "5e8ff9bf55ba3508199d22e984129be6" back to "sample" again, then sorry, md5 is a one-way encryption
Re: how to descript the password
Correct, should have been more clear.Apollo wrote:And for TS: "not meant to" here means "is not possible".papa wrote:It's not meant to be decrypted.
So if you meant with "Descript" to convert "5e8ff9bf55ba3508199d22e984129be6" back to "sample" again, then sorry, md5 is a one-way encryption
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Re: how to descript the password
MD5 is going out of fashion, it's pretty easy to find a lookup table for hashed dictionary words. I just found this in 3 seconds, and it un-hashed "sample" for me - http://md5.igrkio.info/md5-hash-database.html
Re: how to descript the password
Well it's a pretty good first step, then salting it is probably a must.
-
Paul Arnold
- Forum Contributor
- Posts: 141
- Joined: Fri Jun 13, 2008 10:09 am
- Location: Newcastle Upon Tyne
Re: how to descript the password
Just for reference, Hashing is one-way, Encryption is two-way.
You can decrypt an encrypted password, you can't decrypt a hashed password.
You can decrypt an encrypted password, you can't decrypt a hashed password.
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: how to descript the password
Definitely use a salt and then md5 it again.
i.e. md5(md5($pass) . $salt)
i.e. md5(md5($pass) . $salt)
- Skoalbasher
- Forum Contributor
- Posts: 147
- Joined: Thu Feb 07, 2008 8:09 pm
Re: how to descript the password
Salt? is that like something you add to it?jaoudestudios wrote:Definitely use a salt and then md5 it again.
i.e. md5(md5($pass) . $salt)
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: how to descript the password
yep, use a random string that is quite long.
Re: how to descript the password
Why the double md5? I'd say that's less secure than just md5($pass.$salt) ?jaoudestudios wrote:Definitely use a salt and then md5 it again.
i.e. md5(md5($pass) . $salt)
Besides, TS:
- better use sha1 (or preferably even sha256 or sha512) instead of md5
- if applicable, use 'pepper' as well as salt (pepper means 'user-specific salt'), so that even if two users have the same password, they will not get the same hash
- Skoalbasher
- Forum Contributor
- Posts: 147
- Joined: Thu Feb 07, 2008 8:09 pm
Re: how to descript the password
Couldn't you make pepper using user specific info? like half of their real name, jumbled up or something?Apollo wrote:Why the double md5? I'd say that's less secure than just md5($pass.$salt) ?jaoudestudios wrote:Definitely use a salt and then md5 it again.
i.e. md5(md5($pass) . $salt)
Besides, TS:
- better use sha1 (or preferably even sha256 or sha512) instead of md5
- if applicable, use 'pepper' as well as salt (pepper means 'user-specific salt'), so that even if two users have the same password, they will not get the same hash
Re: how to descript the password
Yes, but then if they ever change their real name (assuming users can do so, in their profile settings or whatever, or it may become possible in the future) then suddenly their password hash would become invalid.Skoalbasher wrote:Couldn't you make pepper using user specific info? like half of their real name, jumbled up or something?
If you have constant user values (for example the date he joined), then that would do fine.
-
mickeyunderscore
- Forum Contributor
- Posts: 129
- Joined: Sat Jan 31, 2009 9:00 am
- Location: UK
Re: how to descript the password
Perhaps generating a random string when a user signs up and saving that with the user's details would work also. That would reduce the chance of two users sharing a salt.Apollo wrote:Yes, but then if they ever change their real name (assuming users can do so, in their profile settings or whatever, or it may become possible in the future) then suddenly their password hash would become invalid.Skoalbasher wrote:Couldn't you make pepper using user specific info? like half of their real name, jumbled up or something?
If you have constant user values (for example the date he joined), then that would do fine.