MD5 is also known as an one-way crypt system; you can encryptit but
never unencrypted; only using brute force or a hash list you can
retrive a 'string' that it's hash is the one stored; but it is not
necesary the same original string; this is also known as a hash
collision.
So, in short... no,
On Jan 14, 2008 2:26 PM, Miguel Guirao [EMAIL PROTECTED] wrote:
Hi!!
I'm using the md5() function to encrypt a password and store it into a
database. Now I want to retrieve that MD5 password and convert it into it's
human readable condition.
Is there a function opposite to md5()??
Steven Cruz wrote:
Hello;
I maybe wrong, but I believe it is one way. What you need to do is take
your input and encrypt it and check if matches your current encrypted
value. :)
peace and hugs.
Miguel Guirao wrote:
Hi!!
I'm using the md5() function to encrypt a password and store it
Hello;
I maybe wrong, but I believe it is one way. What you need to do is take
your input and encrypt it and check if matches your current encrypted
value. :)
peace and hugs.
Miguel Guirao wrote:
Hi!!
I'm using the md5() function to encrypt a password and store it into a
database. Now I
Thanks every body for your replies!!
It is clear to me that I can not reverse a hased string!!
Thanks!!!
Guirao
-Original Message-
From: Jason Gerfen [mailto:[EMAIL PROTECTED]
Sent: Lunes, 14 de Enero de 2008 02:04 p.m.
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] md5() function
On 4/18/06, Giff Hammar [EMAIL PROTECTED] wrote:
For an example, look at how UNIX/Linux stores regular login passwords. In
short, the salt is the first two characters in the password. When comparing
passwords, you take the salt and the user supplied password, encrypt, then
compare the two
On 4/18/06, Sean Mumford [EMAIL PROTECTED] wrote:
Hi Guys,
I'm working on securing user passwords in a MySQL 4 database with a PHP5
frontend. I remember being told in one of my classes (I'm currently a
college junior) that the best way would be to hash a salt and the password
together and
password matches the original. AFAIK, that is the only way to verify
passwords encrypted with a one-way algorithm.
Giff
-Original Message-
From: chris smith [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5
the original. AFAIK, that is the only way to verify
passwords encrypted with a one-way algorithm.
Giff
-Original Message-
From: chris smith [mailto:[EMAIL PROTECTED]
Sent: Monday, April 17, 2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5, MySQL, and salts
On 4
,
2006 4:36 PM
To: Sean Mumford
Cc: php-db@lists.php.net
Subject: Re: [PHP-DB] MD5, MySQL, and salts
On 4/18/06, Sean Mumford [EMAIL PROTECTED] wrote:
Hi Guys,
I'm working on securing user passwords in a MySQL 4 database with a
PHP5 frontend. I remember being told in one of my classes (I'm
you need the key to be easily available, so row id or a set date field(one
that does not change as opposed to a timestamp type field)
bastien
From: Sean Mumford [EMAIL PROTECTED]
To: php-db@lists.php.net
Subject: [PHP-DB] MD5, MySQL, and salts
Date: Mon, 17 Apr 2006 15:33:58 -0400
Hi Guys,
Mike Baerwolf wrote:
I'm looking at using md5() and mysql for user auth to some of the data
in a table. I found the following on the php md5 manual page,
$query = INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'));
$password = md5($password);
$query = SELECT * FROM user WHERE
Hi Jerry--
No, md5 is a one-way hash. That's why it's so safe--because if someone
steals the information he still can't tell what the passwords are.
You may want to reset the passwords upon your users' request and send it
to them via e-mail instead.
Cheers,
Marco
--
php|architect -- The
no. we added to old 'password' question to one of the sites I did for this
reason. When the client registered, they picked a question, ssn, mother's
maiden name, dog's name, etc and entered an answer. That way if they lost
their password, they could go to a 'lost password' area, enter their
Marco,
Thanks, that's what I originally thought that it was
one way. So websites that have the option to retrieve
password don't use md5?
I guess technically there MUST be a way to break the
barrier where you can reverse it. If there is a way
to make it there is always a way to break it,
On Tue, 2003-06-24 at 09:08, JeRRy wrote:
I guess technically there MUST be a way to break the
barrier where you can reverse it. If there is a way
to make it there is always a way to break it, somehow.
But what I have heard and read it's very tight
and probably the best method to
9:30 AM
To: JeRRy
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] md5 question!
On Tue, 2003-06-24 at 09:08, JeRRy wrote:
I guess technically there MUST be a way to break the
barrier where you can reverse it. If there is a way
to make it there is always a way to break it, somehow
Hi,
Hmmm okay... So if the passowrd was.
jerry
and the md5 output was
SKHDJHDJDHJDHSfdfs
and another user sets their passowrd to the same as
mine does that mean the md5 output would be identical
to the last as the same password is entered?
e.g.
User 1:
Username: Fred
Password: jerry
User 2:
md5 returns a 32 char hexdec string. I'm not sure where you get an 11
char alpha string from md5...
Since the MD5 is 32 chars in length, with 36 possibilities for each char,
that leaves us with 36^32, or 63340286662973277706162286946811886609896461828096
or
Marco,
Okay I just replied to another post asking if md5
outputs a different output if the same password was
entered by more than 1 user.
I think the answer to that is explained by you below.
If true, if more than 1 user had an identical password
to another the md5 output would be unique for
They would be the same, they have to be. If you can de-crypt it, there has to
be some method of validation. So, if someone choose the same password as you
did, and you stored those in a DB as encrypted with md5, then they would look
identical. So, you would know the other person's password.
On Tue, 2003-06-24 at 09:36, JeRRy wrote:
Hi,
Hmmm okay... So if the passowrd was.
[snip]
There are ways to avoid this. Typically, you can add a random token (or
a salt) to the password before you calculate its checksum. This way, two
users with the same password will have two different
Hi,
Aha... That's what I thought! :) So with md5 I can
retrieve the passwords back to the user if they lose
them via email. That's what I was seeking an answer
to. Thanks so much.
Jerry
--- [EMAIL PROTECTED] wrote: They would be
the same, they have to be. If you can
de-crypt it, there
On Tue, 2003-06-24 at 09:45, JeRRy wrote:
If true, if more than 1 user had an identical password
to another the md5 output would be unique for each
user. So a different md5 output even though the same
password. Because if:
snip
it's mathematically impossible to retrieve
the original
they registered with, if md5() gave you
different output, then you could never verify thier password.
Eddie
-Original Message-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:45 AM
To: Marco Tabini
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] md5 question!
Marco
Marco,
Aha... Thanks. I guess there is no need to add a salt
if I'm the only admin using the database interface.
But I guess if you want to be more secure etc it would
be best to add it so if someone grabbed the database
they will find no matches.
I really have to look into making my databases
-Original Message-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:50 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] md5 question!
So with md5 I can
retrieve the passwords back to the user if they lose
them via email.
No, you can't
something here?
Rich
-Original Message-
From: Matt Schroebel [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:52 AM
To: JeRRy
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] md5 question!
-Original Message-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent
:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:52 AM
To: JeRRy
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] md5 question!
-Original Message-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:50 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED
YOU CAN NOT RECOVER THE ORIGINAL TEXT FROM AN MD5 HASH (unless you have a
couple hundred years and nothing to do and want to try all 63*10^48
possibilities).
You can look to see if jerry and bob have the same MD5 hash as their
password, but unless your store their password in plaintext as well as
Most sites save/allow an 8 character password. Allowing alphanumerics and
underscore, period and pound (_, ., #), that is 39^8, or 5,352,009,260,481
or about 5 trillion possible passwords. If you allow more than 8
characters, that number increases.
On Tue, 24 Jun 2003, Marco Tabini wrote:
On
-
From: Matt Schroebel [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:52 AM
To: JeRRy
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] md5 question!
-Original Message-
From: JeRRy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 24, 2003 9:50 AM
To: [EMAIL
My mistake -- I'm wrong here. Through a few emails I learned that it is a
32 character hex value that is returned, not a 32 char alphanumeric. That
reduces my estimate of 63*10^48 to 340*10^36, still more than crypt though.
My bad, sorry to all who believed me without question!
Beckman
On Tue,
PROTECTED]
Subject: Re: [PHP-DB] md5 question!
They would be the same, they have to be. If you can de-crypt
it, there has to
be some method of validation. So, if someone choose the same
password as you
did, and you stored those in a DB as encrypted with md5, then
they would look
On Tuesday 24 June 2003 21:08, JeRRy wrote:
I guess technically there MUST be a way to break the
barrier where you can reverse it. If there is a way
to make it there is always a way to break it, somehow.
Consider that whatever sized input you give it, after it's been md5'ed, you'll
For every password that I store in the database I have found it is the
same string of characters no matter what the original $password is.
That is because you have single quotes around your variable so it is not
being expanded, so everytime it is the MD5 of the same thing, the string
$password.
$preencher = mysql_query(SELECT * FROM alemao);
$update = mysql_query(UPDATE alemao SET codigo =
md5(concat(nome,email)));
mysql_close ($db);
whats wrong with my code? when I tell him to
? if ($update) echo Insert MD5;
else echo No; ?
he returns Insert MD5, but nothing happens in
md5() is a one-way encryption algorithm. So once they are encrypted, you cannot
decrypt them. Just look at the md5() function on the php website. It has what you
need to do. Of course if you eventually need these back
in the clear, then md5 would not be a solution.
-Brad
Chris Payne wrote:
I have to store some CC details in a database which are inputted from
a
form, is MD5() the best way to secure the data? If so, how do I view
MD5() data after it has been inserted? Any good MD5() tutorials out
there?
Please do your users a favor and do not store credit card numbers on
your
I had a similar problem. I think it has to do with the character encoding
of the output hash.
My only resort (very ugly!!) was to have a perl script wich calculated the
hash. The perl script looks like:
#!/usr/bin/perl
use Digest::MD5 qw(md5_base64);
print md5_base64($ARGV[0]);
Maybe your
MD5 doesn't use a salt.
http://www.faqs.org/rfcs/rfc1321.html
Sheridan Saint-Michel
Website Administrator
FoxJet, an ITW Company
www.foxjet.com
- Original Message -
From: Andrey Hristov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 29, 2001 10:10 AM
Subject: Re: [PHP
- Original Message -
From: Ignat Ikryanov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 29, 2001 4:45 PM
Subject: [PHP-DB] MD5 (' ')
Hi!
I use md5 function to encrypt users password stored in MySql database.
When I try encrypt string 'asdf' using md5 function I
this relate to your problem? Well maybe md5 thinks your
string has already been encrypted.
Mike
-Original Message-
From: bryan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 27, 2001 4:48 PM
To: Joe Brown; db
Subject: Re: [PHP-DB] md5
Yeah, i am aware of the 32 byte character string
You are aware that md5() generates a 32 byte character string?
Working on the 10 digit password request, have you alotted enough space in
your database columns to cater to a 32 byte string (64 for multibyte)?
BTW: md5 has eaten everything I've thrown at it ;-)
""bryan"" [EMAIL PROTECTED] wrote
y 27, 2001 12:40 PM
Subject: Re: [PHP-DB] md5
You are aware that md5() generates a 32 byte character string?
Working on the 10 digit password request, have you alotted enough space in
your database columns to cater to a 32 byte string (64 for multibyte)?
BTW: md5 has eaten everything I
45 matches
Mail list logo