De-crypting after using md5

programming
1

I was wondering how do you retrieve and decrypt something in MySQL after using md5. Thanks

2

it’s technically impossible to decrypt an md5 hash :slight_smile:

3

Impossible to decrypt md5 there bro. Unless I’m out of the loop. If you want to check something against that value, here’s an example of some code that I use to validate user passwords. (passed using the post method from a form)


$username = $_POST['username'];
$password = $_POST['password'];
if((!$username) || (!$password)){
	echo "Please enter ALL of the information! <br />";
	include 'login_form.html';
	exit();
}
$password = md5($password);
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='1'");
$login_check = mysql_num_rows($sql);

etc… check that mysql_num_rows has value, process data, etc…

4

add 1 to the posted at the same time column

5

I did find this though
http://www.wiretapped.be/security/host-security/mdcrack/

Apparently, you can take an md5 hash and find a text string that will have the same collision as the original string since the number of varients is fixed at 2^128. But it is impossible to tell directly if the collision is indeed the origional string. Pretty cool actually.

6

lol. And i thought it was easy. Anyways, I asked that question cuz i have built this password retrieval thing for a website and when I tried it out, I was getting problems until I realized I was using md5 encryption. Oh well, thanks for the input anyways guys. I appreciate it.

7

The easiest way would be to have a thing where you can reset the password with some randomly generated string, then set that string as the password and email it to them. Then they can log in and set it to what they want.

8

hmm, how come i never thought of that? Maybe cuz i don’t know how to generate a random password? hehe. Anyhow, could anybody help me out with this, plz?

9

not a prob. I’ll get you hooked up in a few

10 
	function makeRandomPassword() {
  		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
  		srand((double)microtime()*1000000); 
	  	$i = 0;
	  	while ($i <= 7) {
	    		$num = rand() % 33;
	    		$tmp = substr($salt, $num, 1);
	    		$pass = $pass . $tmp;
	    		$i++;
	  	}
	  	return $pass;
	}
	$random_password = makeRandomPassword();
11

there are many ways to generate a random string… what i do is take the time and date, md5 that string and take the first 8 letters to make a random password. I email that to the user, and store the hash of that password in my database…

<?php
function generatePSW ()
{
$longpsw = md5(date("l, F jS, Y g:i:d:s a")); 
$psw = substr ( $longpsw , 0, 8 );
return $psw;
}

$psw = generatePSW ();
echo("string to be mailed: <b>" . $psw);
echo("</b><<br>br>string to be stored in database: <b>" . md5($psw . "</b>"));
?>
12

You guys have no idea how much i appreciate your help. Even a bear hug wont do it. Thanks a whole bunch guys. You rock!

13

hey, a hug would do :stuck_out_tongue:

14

Sure. bear hug :thumb: