Thanks every body for your replies!!
It is clear to me that I can not reverse a hased string!!
Thanks!!!
Guirao
-Original Message-
From: Jason Gerfen [mailto:[EMAIL PROTECTED]
Sent: Lunes, 14 de Enero de 2008 02:04 p.m.
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] md5() function
Steven Cruz wrote:
> Hello;
>
> I maybe wrong, but I believe it is one way. What you need to do is take
> your input and encrypt it and check if matches your current encrypted
> value. :)
>
> peace and hugs.
>
> Miguel Guirao wrote:
>> Hi!!
>>
>> I'm using the md5() function to encrypt a passwor
On Jan 14, 2008 2:26 PM, Miguel Guirao <[EMAIL PROTECTED]> wrote:
> Hi!!
>
> I'm using the md5() function to encrypt a password and store it into a
> database. Now I want to retrieve that MD5 password and convert it into it's
> human readable condition.
> Is there a function opposite to md5()??
MD5 is also known as an one-way crypt system; you can encryptit but
never unencrypted; only using brute force or a hash list you can
retrive a 'string' that it's hash is the one stored; but it is not
necesary the same original string; this is also known as a hash
collision.
So, in short... no, the
Hello;
I maybe wrong, but I believe it is one way. What you need to do is take
your input and encrypt it and check if matches your current encrypted
value. :)
peace and hugs.
Miguel Guirao wrote:
Hi!!
I'm using the md5() function to encrypt a password and store it into a
database. Now I wa
Hi!!
I'm using the md5() function to encrypt a password and store it into a
database. Now I want to retrieve that MD5 password and convert it into it's
human readable condition.
Is there a function opposite to md5()??
Best Regards,
M Guirao
--
PHP Database Mailing List (http://www.php.net/)
To
On 4/18/06, Giff Hammar <[EMAIL PROTECTED]> wrote:
> For an example, look at how UNIX/Linux stores regular login passwords. In
> short, the salt is the first two characters in the password. When comparing
> passwords, you take the salt and the user supplied password, encrypt, then
> compare the two
you need the key to be easily available, so row id or a set date field(one
that does not change as opposed to a timestamp type field)
bastien
From: "Sean Mumford" <[EMAIL PROTECTED]>
To:
Subject: [PHP-DB] MD5, MySQL, and salts
Date: Mon, 17 Apr 2006 15:33:58 -0400
Hi Guys
Sent: Monday, April 17,
2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5, MySQL, and salts
On 4/18/06, Sean Mumford <[EMAIL PROTECTED]> wrote:
Hi Guys,
I'm working on securing user passwords in a MySQL 4 database with a
PHP5 frontend. I remember being
atches the original. AFAIK, that is the only way to verify
passwords encrypted with a one-way algorithm.
Giff
-Original Message-
From: chris smith [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5, MySQL, and
password matches the original. AFAIK, that is the only way to verify
passwords encrypted with a one-way algorithm.
Giff
-Original Message-
From: chris smith [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5
On 4/18/06, Sean Mumford <[EMAIL PROTECTED]> wrote:
> Hi Guys,
> I'm working on securing user passwords in a MySQL 4 database with a PHP5
> frontend. I remember being told in one of my classes (I'm currently a
> college junior) that the best way would be to hash a salt and the password
> together a
Hi Guys,
I'm working on securing user passwords in a MySQL 4 database with a PHP5
frontend. I remember being told in one of my classes (I'm currently a
college junior) that the best way would be to hash a salt and the password
together and then store the hash in the database instead of the plain MD
Mike Baerwolf wrote:
I'm looking at using md5() and mysql for user auth to some of the data
in a table. I found the following on the php md5 manual page,
$query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";
$password = md5($password);
$query = "SELECT * FROM user WHERE usernam
Hello,
I'm looking at using md5() and mysql for user auth to some of the data
in a table. I found the following on the php md5 manual page,
$query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";
$password = md5($password);
$query = "SELECT * FROM user WHERE username='DummyUser'
On Tuesday 24 June 2003 22:36, Peter Beckman wrote:
> Most sites save/allow an 8 character password. Allowing alphanumerics and
> underscore, period and pound (_, ., #), that is 39^8, or 5,352,009,260,481
> or about 5 trillion possible passwords. If you allow more than 8
> characters, that number
On Tuesday 24 June 2003 21:08, JeRRy wrote:
> I guess technically there MUST be a way to break the
> barrier where you can reverse it. If there is a way
> to make it there is always a way to break it, somehow.
>
Consider that whatever sized input you give it, after it's been md5'ed, you'
PROTECTED]
> Sent: Tuesday, June 24, 2003 4:47 AM
> To: JeRRy; [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] md5 question!
>
>
> They would be the same, they have to be. If you can de-crypt
> it, there has to
> be some method of validation. So, if someone choose the sam
My mistake -- I'm wrong here. Through a few emails I learned that it is a
32 character hex value that is returned, not a 32 char alphanumeric. That
reduces my estimate of 63*10^48 to 340*10^36, still more than crypt though.
My bad, sorry to all who believed me without question!
Beckman
On Tue,
do it.
>
> Can somebody explain if this is less secure or less-preferable than MD5?
> Even if one were able to decipher the algorithm PHP uses for a crypt()
> operation, the salt is supposedly random so having the encryption algorithm
> would not be all that useful.
>
> Am I totally
Most sites save/allow an 8 character password. Allowing alphanumerics and
underscore, period and pound (_, ., #), that is 39^8, or 5,352,009,260,481
or about 5 trillion possible passwords. If you allow more than 8
characters, that number increases.
On Tue, 24 Jun 2003, Marco Tabini wrote:
> On
YOU CAN NOT RECOVER THE ORIGINAL TEXT FROM AN MD5 HASH (unless you have a
couple hundred years and nothing to do and want to try all 63*10^48
possibilities).
You can look to see if jerry and bob have the same MD5 hash as their
password, but unless your store their password in plaintext as well as
ble to decipher the algorithm PHP uses for a crypt()
> operation, the salt is supposedly random so having the encryption algorithm
> would not be all that useful.
>
> Am I totally missing something here?
>
> Rich
>
> > -Original Message-
> > From: Ma
n algorithm
would not be all that useful.
Am I totally missing something here?
Rich
> -Original Message-
> From: Matt Schroebel [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 24, 2003 9:52 AM
> To: JeRRy
> Cc: [EMAIL PROTECTED]
> Subject: RE: [PHP-DB] md5 question!
>
>
> -Original Message-
> From: JeRRy [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 24, 2003 9:50 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] md5 question!
>
> So with md5 I can
> retrieve the passwords back to the user if they los
Marco,
Aha... Thanks. I guess there is no need to add a salt
if I'm the only admin using the database interface.
But I guess if you want to be more secure etc it would
be best to add it so if someone grabbed the database
they will find no matches.
I really have to look into making my databases
matches the password they registered with, if md5() gave you
different output, then you could never verify thier password.
Eddie
-Original Message-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:45 AM
To: Marco Tabini
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] m
On Tue, 2003-06-24 at 09:45, JeRRy wrote:
> If true, if more than 1 user had an identical password
> to another the md5 output would be unique for each
> user. So a different md5 output even though the same
> password. Because if:
>
>
> it's mathematically impossible to retrieve
> > the origina
Hi,
Aha... That's what I thought! :) So with md5 I can
retrieve the passwords back to the user if they lose
them via email. That's what I was seeking an answer
to. Thanks so much.
Jerry
--- [EMAIL PROTECTED] wrote: > They would be
the same, they have to be. If you can
> de-crypt it, there h
On Tue, 2003-06-24 at 09:36, JeRRy wrote:
> Hi,
>
> Hmmm okay... So if the passowrd was.
>
[snip]
There are ways to avoid this. Typically, you can add a random token (or
a salt) to the password before you calculate its checksum. This way, two
users with the same password will have two different
They would be the same, they have to be. If you can de-crypt it, there has to
be some method of validation. So, if someone choose the same password as you
did, and you stored those in a DB as encrypted with md5, then they would look
identical. So, you would know the other person's password.
Marco,
Okay I just replied to another post asking if md5
outputs a different output if the same password was
entered by more than 1 user.
I think the answer to that is explained by you below.
If true, if more than 1 user had an identical password
to another the md5 output would be unique for e
md5 returns a 32 char hexdec string. I'm not sure where you get an 11
char alpha string from md5...
Since the MD5 is 32 chars in length, with 36 possibilities for each char,
that leaves us with 36^32, or 63340286662973277706162286946811886609896461828096
or 63,340,286,662,973,276,904,018,768,749,
Hi,
Hmmm okay... So if the passowrd was.
jerry
and the md5 output was
SKHDJHDJDHJDHSfdfs
and another user sets their passowrd to the same as
mine does that mean the md5 output would be identical
to the last as the same password is entered?
e.g.
User 1:
Username: Fred
Password: jerry
User 2:
, June 24, 2003 9:30 AM
> To: JeRRy
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP-DB] md5 question!
>
>
> On Tue, 2003-06-24 at 09:08, JeRRy wrote:
> > I guess technically there MUST be a way to break the
> > barrier where you can reverse it. If there is a way
> >
On Tue, 2003-06-24 at 09:08, JeRRy wrote:
> I guess technically there MUST be a way to break the
> barrier where you can reverse it. If there is a way
> to make it there is always a way to break it, somehow.
> But what I have heard and read it's very tight
> and probably the best method to
Speaking of MD5 hashes, I had the idea and the wherewithal to build a site
that had a huge pile of passwords and their various matching MD5 hashes,
crypts using all 26^2 salts, etc. People could submit passwords (or
request that passwords be removed); I'd initially populate it with
passwords built
Just use brute force...
Example:
md5('password') will ALWAYS produce the same output!
So, if I intercept a pmd5 encrypted password that looks like: SKHGDOIUYFB
then I could just say:
if (strcmp (md5('password'), SKHGDOIUYFB) == 0)
printf("Your password is: %s\n", password);
So, just start a loop
Marco,
Thanks, that's what I originally thought that it was
one way. So websites that have the option to retrieve
password don't use md5?
I guess technically there MUST be a way to break the
barrier where you can reverse it. If there is a way
to make it there is always a way to break it, someho
age-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 8:35 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] md5 question!
Hi,
If I use md5 to handle passwords to my database is
there a way to reverse the action if someone forgets
their password? Is there a way for me to decode th
Hi Jerry--
No, md5 is a one-way hash. That's why it's so safe--because if someone
steals the information he still can't tell what the passwords are.
You may want to reset the passwords upon your users' request and send it
to them via e-mail instead.
Cheers,
Marco
--
php|architect -- The Magaz
Hi,
If I use md5 to handle passwords to my database is
there a way to reverse the action if someone forgets
their password? Is there a way for me to decode the
32bit to plain text?
Jerry
http://mobile.yahoo.com.au - Yahoo! Mobile
- Check & compose your email via SMS on your Telstra or Vodafone
> For every password that I store in the database I have found it is the
> same string of characters no matter what the original $password is.
That is because you have single quotes around your variable so it is not
being expanded, so everytime it is the MD5 of the same thing, the string
$password
Hello list,
I am having a problem with MD5().
Every time I try to use this function it seems to work, but I get the
same results. Below is what I am trying to do.
$pass = MD5('$password');
For every password that I store in the database I have found it is the
same string of characters n
> $preencher = mysql_query("SELECT * FROM alemao");
> $update = mysql_query("UPDATE alemao SET codigo =
> md5(concat(nome,email))");
>
> mysql_close ($db);
>
>
> whats wrong with my code? when I tell him to
>
> else echo "No"; ?>
>
> he returns "Insert MD5", but nothing happens in the db... w
Please, help me with this:
$preencher = mysql_query("SELECT * FROM alemao");
$update = mysql_query("UPDATE alemao SET codigo = md5(concat(nome,email))");
mysql_close ($db);
whats wrong with my code? when I tell him to
he returns "Insert MD5", but nothing happens in the db... whats wrong?
T
> I have to store some CC details in a database which are inputted from
a
> form, is MD5() the best way to secure the data? If so, how do I view
> MD5() data after it has been inserted? Any good MD5() tutorials out
> there?
Please do your users a favor and do not store credit card numbers on
you
md5() is a one-way encryption algorithm. So once they are encrypted, you cannot
decrypt them. Just look at the md5() function on the php website. It has what you
need to do. Of course if you eventually need these back
in the clear, then md5 would not be a solution.
-Brad
Chris Payne wrote:
Hi there everyone,
I have to store some CC details in a database which are inputted from a form, is MD5()
the best way to secure the data? If so, how do I view MD5() data after it has been
inserted? Any good MD5() tutorials out there?
Thanks for your help :-)
Regards
Chris
> - Original Message -
> From: "Ignat Ikryanov" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 29, 2001 4:45 PM
> Subject: [PHP-DB] MD5 (' ')
>
>
> Hi!
> I use md5 function to encrypt users password
, 2001 10:10 AM
Subject: Re: [PHP-DB] MD5 (' ')
> I'm not so sure, but there is another parameter to md5() - the salt.
>
> Andrey Hristov
> IcyGEN Corporation
> http://www.icygen.com
> 99%
>
> - Original Message -
> From: "Ignat Ikryanov&q
gt;
>Andrey Hristov
>IcyGEN Corporation
>http://www.icygen.com
>99%
>
>- Original Message -
>From: "Ignat Ikryanov" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, August 29, 2001 4:45 PM
>Subject: [PHP-DB] MD5 (' '
I'm not so sure, but there is another parameter to md5() - the salt.
Andrey Hristov
IcyGEN Corporation
http://www.icygen.com
99%
- Original Message -
From: "Ignat Ikryanov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 29, 2001 4:
Hi!
I use md5 function to encrypt users password stored in MySql database. When I try
encrypt string 'asdf' using md5 function I retrieve:
912ec803b2ce49e4a541068d495ab570
But in 'shodow' file of my linux (Debian 2.2 used MD5 to encrypt users password)
'asdf' string looks like:
$1$arjq575D$rnHVF
relate to your problem? Well maybe md5 thinks your
string has already been encrypted.
Mike
-Original Message-
From: bryan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 27, 2001 4:48 PM
To: Joe Brown; db
Subject: Re: [PHP-DB] md5
Yeah, i am aware of the 32 byte character string. As a
Sent: Tuesday, February 27, 2001 12:40 PM
Subject: Re: [PHP-DB] md5
> You are aware that md5() generates a 32 byte character string?
>
> Working on the 10 digit password request, have you alotted enough space in
> your database columns to cater to a 32 byte string (64 for multibyte)?
You are aware that md5() generates a 32 byte character string?
Working on the 10 digit password request, have you alotted enough space in
your database columns to cater to a 32 byte string (64 for multibyte)?
BTW: md5 has eaten everything I've thrown at it ;-)
""bryan"" <[EMAIL PROTECTED]> wrot
I need some advice on this
I am creating a random password through a function.
This creates a random password and updates it in the database.
The sql query works if I make it :
$sql = "UPDATE members SET password='$password', verify='$verify' WHERE
username='$username' ";
but if I make the
58 matches
Mail list logo
