md5 -&gt; to string

md5 -> to string

spighita

Hello;

        Suppose I would like to return my hash string using the md5 funtion back to its original string.

Thanks in advance for anyone who helps.

SpanKie

good luck!!!

I don't know if this is possible without some type of hacking program. Even still

neon

MD5 is ONLY an ONE WAY hash.

Weedpacket

Originally posted by spighita
Hello;
        Suppose I would like to return my hash string using the md5 funtion back to its original string. 
Thanks in advance for anyone who helps. [/B]

If it were possible it would make MD5 useless. The whole point of MD5 is that it be "...computationally infeasible to ... produce any message having a given prespecified target message digest." - In other words, to turn the md5 hash back into its original string.

spighita

Suppose I wanted to save a password in a database, using md5. Then if the client lost it's password, i would have liked to unhash it and send it back as a string.
What would be the best way to do that., knowing now that I can't use md5.

How can md5 be well used?

Thanks for all the answers.

laserlight

Generate a new password.

Under your scheme, md5 is only good for keeping the password safe when stored.

It does not provide any additional security during transmission.

spighita

Ok, but suppose the user wants to retrieve his password, he can't then. The only way to solve that is for him to change it?

laserlight

well, you could store the original password as well, but use the hash in authentication.

however, that means that there is no security in storage either, aside from the existing security of the database and application code.

superwormy

You'll need to use some form of two-way cryptography if you want to be able to restore the password afterwards.

md5() is NOT what you're looking for.

spighita

What can be the best for what I'm looking for?

Weedpacket

Have a look at the [man]mcrypt[/man] functions (assuming they're installed); these offer two-way encryption.

A thought occurs: for security, these things expect a key string to be used. Many sites that offer password-recovery include a challenge-response test. When the user sets up a password they provide a question and its answer (both get stored; the answer could be MD5ed). If they later want to recover the password, they're asked the question and have to provide the answer to get the password.

This is to prevent any wally from asking for the password (another defence is to email the password to the user, but this assumes that you collect email addresses). But it also has a use for password encryption: the answer could be used as the key to decrypt the password.