im using md5 to encrypt the password. then, how to get back the original string if i need it. is there any decryption possible?
plz help me in this regard.
thanks in advance
11 242123 michaelb 534
Recognized Expert Contributor
The whole idea behind a one way encryption is to generate a hashed value that cannot be decrypted to reveal the original string.
That's the reason that when dealing with lost passwords administrators typically reset it to a new value.
@savyatha
could u plz send me code how to encrypt password
im using md5 to encrypt the password. then, how to get back the original string if i need it. is there any decryption possible?
plz help me in this regard.
thanks in advance
md5 is supposed to be a one way encryption. The reason you use it, is so only the user knows their password, but you can still validate the password.
How you validate it is to create an md5 hash of the password supplied by the user, and compare that with the md5 hash of the password in the database.
eg: pseudo code -
$user = $_POST['user']; // username from form
-
$password = $_POST['password']; // password sent from from
-
$hash = md5($password);
-
-
// query the db for the user and password combo
-
$userid = query("select id from users where username = '".clean($user)." ' and passowrd = '".clean($hash)."' LIMIT 1";
-
-
if ($userid !== false) {
-
// authentication passed
-
} else {
-
// auth failed
-
}
-
-
// note:
-
// clean() is is your custom function that escapes mysql input
-
// query() is your custom function that queries the db, and returns false on a null resultset
-
// $userid !== false is used instead of $userid != false since the userid may be 0, see "type comparisons"..
-
-
You should try using sha1() instead of md5() as it is harder to find collisions in sha1(). But make sure your php supports it.
eg: - if (function_exists('sha1')) {
-
// use sha1
-
} else {
-
// fallback to md5
-
}
Well you can't decrypt it directly. Md5 it's one way hash function. But there are some limited choices, like a huge database with md5 decrypted strings. You can try this Md5 decrypter tool.
Hai,
Good Evening,
I'm doing a small project using python and MySQL in APPLE MACINTOSH.
I want to decrypt the password using md5 algorithm. Is it possible or not.
If not possible then how to encrypt the password and decrypt the password give some example. Please help me.
Thanks in advance
Warm Regards,
Srinivas
Markus 6,050
Recognized Expert Expert @cnivas
As noted before, md5() is a hashing algorithm, meaning it's a one way street.
You can create your own encryption class, if you like.
However, you should never know the value sensitive data. If you ever need to compare user input to a hashed piece of data, simply compare a hashed version of the user input to the already hashed data.
Ciary 247
Recognized Expert New Member
exacly what i was about to say :)
what you can do is save the original(unhashed) password in your database next to it's hashed brother :)
doing this, you can give a mail a user his password if he asks. it will make your website a bit less safe though since the moderator can log in as any user since he knows username and password.
to prevent this you can encrypt that password with triple DES or AES or something alike. but that would make the md5 password unneccesary.
lets say, your security is only as strong as it's weakest password.
Markus 6,050
Recognized Expert Expert @Ciary
Best practices would not let you keep a human readable form of a password. It's damn right rude ;)
Ciary 247
Recognized Expert New Member @Markus
depends, if you keep it quiet it is.
if you tell them in a 10 pages long privacy explaination, it's more then rude. it's pure evil.
but if you tell them in a short line, it isn't. then it's for the user to decide wether or not he will join. you won't have much members though.
still i think the best way to make a login is to make function in which you mail a new password to the user. i dont think programming an AES or triple DES in php is possible. but feel free to look for a tool:)
Hi 2 all ., if you encrypted a password using md5 means ., there is no way to decrypt it ., so you need to use base64_decode and base64_encode
base64_encode code: - <?php
-
$str = 'This is an encoded string';
-
echo base64_encode($str);
-
?>
out put :VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==
base64_decode code - <?php
-
$str = 'VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==';
-
echo base64_decode($str);
-
?>
out put :This is an encoded string
Oralloy 988
Recognized Expert Contributor
@Ciary,
It's always possible, even if you have to shell out to an external support function to do the work. (Yes, I know - expensive and evil; still, a standard way of re-using existing tools.)
The algorithms are open, another option is to just port them to a PHP module and have done with.
@Markus,
I agree that keeping a human readable form of the password is stupid. A lot of sites do business that way, though. Of course, the first time they're cracked, that practice goes by the wayside.
The way that I like to work is to accept a password and send an e-mail. If the user follows the time-limited link and confirms the password, then they're likely legit. If not, log and purge the new account.
Cheers!
Oralloy
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Ian Davies |
last post by:
Hello
I would like to query the user table of the mysql database from my VB
application to check that a user's password entered in a text field on a
form corresponds to that users password in the...
|
by: aji |
last post by:
Hello,
I have question about an encrypted password field in an MSAccess
database file.
My task is to migrate a shopping cart from ASP/Access to PHP/MySQL...
which is quite new territory for...
|
by: David Garamond |
last post by:
I read that the password hash in pg_shadow is salted with username. Is
this still the case? If so, since probably 99% of all PostgreSQL has
"postgres" as the superuser name, wouldn't it be better...
|
by: zelzel.zsu |
last post by:
Is there any good methods to read a encrypted password file?
hi, all:
I've a zipped file with a password .
currently i use it by this method:
$ unzip -p secret.zip | python my-pexpect.py
but...
|
by: nithyasunil |
last post by:
How do I decrypt a password from the database?
| |
by: Shmuel |
last post by:
Hello,
Is it possible to give to mysql_connect an encrypted (md5 or sha1)
password?
If not is there a workaround?
I store passwords for users in database and don't want to use plain
text...
|
by: Claudia Fong |
last post by:
I have two textboxes in my webform for the user to login with their
username and password.
Is it possible to encrypt the password that the user input? For example
if the user input a 6...
|
by: cnivas |
last post by:
Hai All,
Good Evening,
I'm doing a small application using python and MySQL in APPLE MACINTOSH OPERATING SYSTEM. I want to to store the password in encrypted form in the database. While...
|
by: simon2x1 |
last post by:
how can i decrypt password with i encryted with md5 i try using mcrypt it did not work
<?PHP
$sql = "SELECT password FROM user WHERE email='$email_to'";
$result = mysql_query($sql);
$rows =...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |