get the ture results

Anon

Hi All

need help in the following

I use md5 to encrypt a password
Trying to setup a lost password fuction to send the user there password via email if they provide the correct info.

problem is they will get the encrypted version of there password

how can i decrypt it so the get the word they used see example

password is drmpt5
encrypted version is c6feb6f511a39f06a83873808a4f094f
which is stored on DB

How can I pull this an convert it back to
drmpt5

TIA

Richie TM

maxholman

Hi Richie

Unfortunately MD5 is a one way algorithm, therefore you cannot 'decrypt' an MD5 hash and get the original string.

maxholman

If a user loses their password, generate a new one, and send it to them.

Then give them the option to change it afterwards.

Anon

Unfortunately, the people who create these hashing algorithms that we tend to use for encryption, try to create it in such a way that you are UNABLE to reverse the results. That is kind of the true purpose of encryption, anyway. If you could simply get the actual value from the md5 hash, why would you store it in that format and not the plain text format?

Chris King

Anon

Problem is if you send a new secure password that is lets say encrypted with the username and a secure word...

it dosen't matter because if you md5 it on creation you must md5 it on login so that way the words match or they won't match.

create new password
substr(md5($user_name.$word)

if this value is
usernamehidden

don't they need to kown that word when logging in

because if the get the encrypted version say
e34jdys786sa7yda9sh

This also will be encrypted when login and words wont match

Richie

maxholman

Generate the password, update the login details with the MD5 hash, then mail the user with the plain text password.

Also, it's probably a good idea to force the user to change their password after their first login with the new details.

That should work.

Max