By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,475 Members | 1,929 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,475 IT Pros & Developers. It's quick & easy.

how to decrypt the md5 encrypted password

P: 9
im using md5 to encrypt the password. then, how to get back the original string if i need it. is there any decryption possible?
plz help me in this regard.
thanks in advance
Mar 24 '07 #1
Share this Question
Share on Google+
11 Replies


Expert 100+
P: 534
The whole idea behind a one way encryption is to generate a hashed value that cannot be decrypted to reveal the original string.

That's the reason that when dealing with lost passwords administrators typically reset it to a new value.
Mar 24 '07 #2

P: 4
@savyatha
could u plz send me code how to encrypt password
Jun 9 '07 #3

P: 18
im using md5 to encrypt the password. then, how to get back the original string if i need it. is there any decryption possible?
plz help me in this regard.
thanks in advance
md5 is supposed to be a one way encryption. The reason you use it, is so only the user knows their password, but you can still validate the password.
How you validate it is to create an md5 hash of the password supplied by the user, and compare that with the md5 hash of the password in the database.

eg: pseudo code
Expand|Select|Wrap|Line Numbers
  1. $user = $_POST['user']; // username from form
  2. $password = $_POST['password']; // password sent from from
  3. $hash = md5($password);
  4.  
  5. // query the db for the user and password combo
  6. $userid = query("select id from users where username = '".clean($user)." ' and passowrd = '".clean($hash)."' LIMIT 1";
  7.  
  8. if ($userid !== false) {
  9. // authentication passed
  10. } else {
  11. // auth failed
  12. }
  13.  
  14. // note:
  15. // clean() is is your custom function that escapes mysql input
  16. // query() is your custom function that queries the db, and returns false on a null resultset
  17. // $userid !== false is used instead of $userid != false since the userid may be 0, see "type comparisons".. 
  18.  
  19.  
You should try using sha1() instead of md5() as it is harder to find collisions in sha1(). But make sure your php supports it.

eg:

Expand|Select|Wrap|Line Numbers
  1. if (function_exists('sha1')) {
  2. // use sha1
  3. } else {
  4. // fallback to md5
  5. }
Jun 9 '07 #4

didoamylee
P: 16
Well you can't decrypt it directly. Md5 it's one way hash function. But there are some limited choices, like a huge database with md5 decrypted strings. You can try this Md5 decrypter tool.
Nov 7 '08 #5

P: 8
Hai,

Good Evening,

I'm doing a small project using python and MySQL in APPLE MACINTOSH.
I want to decrypt the password using md5 algorithm. Is it possible or not.
If not possible then how to encrypt the password and decrypt the password give some example. Please help me.

Thanks in advance

Warm Regards,
Srinivas
Apr 20 '09 #6

Markus
Expert 5K+
P: 6,050
@cnivas
As noted before, md5() is a hashing algorithm, meaning it's a one way street.

You can create your own encryption class, if you like.

However, you should never know the value sensitive data. If you ever need to compare user input to a hashed piece of data, simply compare a hashed version of the user input to the already hashed data.
Apr 20 '09 #7

Ciary
Expert 100+
P: 247
exacly what i was about to say :)

what you can do is save the original(unhashed) password in your database next to it's hashed brother :)
doing this, you can give a mail a user his password if he asks. it will make your website a bit less safe though since the moderator can log in as any user since he knows username and password.

to prevent this you can encrypt that password with triple DES or AES or something alike. but that would make the md5 password unneccesary.

lets say, your security is only as strong as it's weakest password.
Apr 20 '09 #8

Markus
Expert 5K+
P: 6,050
@Ciary
Best practices would not let you keep a human readable form of a password. It's damn right rude ;)
Apr 20 '09 #9

Ciary
Expert 100+
P: 247
@Markus
depends, if you keep it quiet it is.
if you tell them in a 10 pages long privacy explaination, it's more then rude. it's pure evil.
but if you tell them in a short line, it isn't. then it's for the user to decide wether or not he will join. you won't have much members though.

still i think the best way to make a login is to make function in which you mail a new password to the user. i dont think programming an AES or triple DES in php is possible. but feel free to look for a tool:)
Apr 20 '09 #10

P: 1
Hi 2 all ., if you encrypted a password using md5 means ., there is no way to decrypt it ., so you need to use base64_decode and base64_encode

base64_encode code:
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. $str = 'This is an encoded string';
  3. echo base64_encode($str);
  4. ?> 
out put :VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==

base64_decode code
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. $str = 'VGhpcyBpcyBhbiBlbmNvZGVkIHN0cmluZw==';
  3. echo base64_decode($str);
  4. ?> 
out put :This is an encoded string
Dec 7 '10 #11

Oralloy
Expert 100+
P: 983
@Ciary,

It's always possible, even if you have to shell out to an external support function to do the work. (Yes, I know - expensive and evil; still, a standard way of re-using existing tools.)

The algorithms are open, another option is to just port them to a PHP module and have done with.

@Markus,
I agree that keeping a human readable form of the password is stupid. A lot of sites do business that way, though. Of course, the first time they're cracked, that practice goes by the wayside.

The way that I like to work is to accept a password and send an e-mail. If the user follows the time-limited link and confirms the password, then they're likely legit. If not, log and purge the new account.

Cheers!
Oralloy
Dec 7 '10 #12

This discussion thread is closed

Replies have been disabled for this discussion.