md5

Anon

Is there anyway to reverse engineer an md5 hash?

I have a passwd stored in a database that a hash of a static variable and a password variable chosen by the user. I want to be able to take the hash and extract the password so it can be sent to the user when they've forgotten it. At present I just keep a seperate table with the password's in them; although this is restricted access (root only) I don't want to be doing it like this.

--
Nick Gushlow

Anon

Just found out, it's a one way encryption. Very secure but not much bloody use. What is the point of being able to encrypt if yo can't decrypt.

Any ideas on what else I could use?

--
Nick Gushlow

Anon

If the user forgets their password, reset it to a random password and email that.

Anon

Comparison.

When a user provides a password, you compare its md5 value with the stored md5 value.

If you store only the md5 value and never the password, it can't be stolen. Cracking the system and gaining access to the database doesn't let the cracker know the passwords.

md5 also is useful for a lot of other tasks where a digital fingerprint can be helpful. For example, there's a story today at www.inside.com about the potential for md5 as a tool for cutting down on audio track piracy in a distributed file-sharing environment (i.e., Napster).

Anon

I just had that very same thought thanks!

I know how to generate random numbers as I do it for session ids, but is there a way to generate a random string of characters and numbers?

Anon

One method would be to create a string with all possible characters and generate a random number from 0 to length of the string and use the random number for an index into the string.

Another method, and the one I use, I got from a tutorial on e-comerence systems and has a function like this:

function generate_password($maxlen=10) {
/ returns a randomly generated password of length $maxlen. inspired by
http://www.phpbuilder.com/columns/jesus19990502.php3 */

    global $CFG;

    $fillers = "1234567890!@#$%&*-_=+^";
    $wordlist = file($CFG->wordlist);

    srand((double) microtime() * 1000000);
    $word1 = trim($wordlist[rand(0, count($wordlist) - 1)]);
    $word2 = trim($wordlist[rand(0, count($wordlist) - 1)]);
    $filler1 = $fillers[rand(0, strlen($fillers) - 1)];

    return substr($word1 . $filler1 . $word2, 0, $maxlen);

}

The only other requirement is that you have a file with a list of words in it.

Anon

The function was written by Ying Zhang and is located at DevShed.

http://www.devshed.com/Server_Side/PHP/Commerce1/page1.html

Anon

Thanks guys. You've definitely saved my bacon. I'll let you know if I get it all to work.

Nick.