password decryption

waqasahmed996

hi to all
we have a access to a mysql database in which password is in encrypted form in password field. i want to read actual password. how can i do that.

i need to know if i am not clear in my question

Markus

What function do you use to encrypt the password? You should never need to see an unencrypted password. Say you use md5() to encrypt it, to see whether a provide password matches it, md5() the new password against the password in the database.

nathj

If it is because a user has forgotten their password then you need to authenticate them by username and email address and then send a new randomly generated password to the stored email address. They can then use that to log in and change their password. This is how most sites work.

As Markus said only the password owner - site user, should know the password.

nathj

waqasahmed996

actually we are transfer our data from mysql to sql server. so there is many account holder already exist with their user name and password. i want to enter same password in sql server. that's why i need to decrypt that passwords

i am using md5() for encryption. so please any idea to decrypt md5() encrypted passwords in php.

TheServant

The whole point of encrypting passwords is that it is practically impossible to "decrypt" it with another function. I am sure it could be done if the encryption system was known, but that would defeat the whole point of having it.

The only way to find out what an md5()'d password is, is to guess it and compare md5(your guess) to the original string. So unlikely you are going to do that.

If you are moving servers why don't you just encrypt passwords with php and store it in the SQL server? As in why can't you just copy it over and treat it exactly the same? All it means is you can't use MySQL function, but using php should be the same shouldn't it?

nathj

TheServant has this spot on. There is no need to decrypt the password. Simply copy the encrypted (more strictly speaking hashed) value from one database to another and carry on as normal.

The hash should be done by PHP, that way the user can specify their own password which is hashed and stored. Then when they use it to log in you take the value entered, hash it and compare tat in the db. This should work regardless of the database - MySQL or SQL Server.

Cheers
nathj

waqasahmed996

i dont know why but it is not working when same encrypted password is paste on other database. i am trying to find out why it is not working. As i come to know i will post message. but please if you how to decrypt md5() then guide me.

nathj

md5() is a hash and therefore cannot be decrypted. However, there are sites that offer look-up tables. they basically have a database of word with the md5 result. This is the best you can hope for.

TheServant

Mate, you cannot decrypt it like I said. Are you sure your SQL field is a long enough character length for it? Try store an md5()'d term in your new SQL tables and see if that works. If it does then you just have to copy the md5()'d passwords over, but if it doesn't you have an error in your code, SQL table setup, or SQL setup.

stepterr

waqasahmed996,
Do you have a user table in SQL Server just like you do in MySQL. Or are you trying to do this in the SQL Server Login Properties for the SQL Server Authentication?