is there any function to decrypt the encrypt variable using md5

seisei

is there any function in php5 to decrypt the encrypted variable using md5??
any help would be much appreciated. thank you.

NogDog

Basically, no. MD5 is not encryption, it is hashing (sometimes loosely referred to as "one-way encryption"). If you have an idea how long the source text was, you can use "brute force" or "library" routines to run possible strings through MD5 to find a match. But you cannot algorithmically reverse it.

Horizon88

Like NogDog's said, you can't really reverse the hash, but you can brute-force/guess them.

http://gdataonline.com/seekhash.php is a result of a quick google, which is a database of hashes - if you enter the hash and it's present in the database, it'll return the plaintext. You can also download rainbow tables for MD5 in various charsets to try and get the plaintext, but that's a bit in-depth for a quick reply 😛

seisei

ukie! atleast now i know that once you encrypt theres no way to decrypt thank you!

Weedpacket

seisei wrote:
i know that once you encrypt theres no way to decrypt

Then it's not very good encryption. Like NogDog said, MD5 is not encryption.

nrg_alpha

seisei wrote:
ukie! atleast now i know that once you encrypt theres no way to decrypt thank you!

I am going to go out on a limb here and suspect that many forums utilise one-way encryption for passwords for example.

Ever lose a password on a forum? You have to have a new one issued.. I suspect that when an automated system receives notice that an user lost his/her password, it would be utterly futile to send you your current encrypted one..

so I guess systems generate new ones, email you what the non-encrypted version is, and encrypts the newly set one into the database..that way, you get a password in 'plain english'.. not some bizarre contorted md5 version. But on the database server side.. its encrypted.

Cheers,

NRG

leatherback

Hashed, it is hashed on the server. Encryption is MEANT to be decrypted; by the right person.

nrg_alpha

leatherback wrote:
Hashed, it is hashed on the server. Encryption is MEANT to be decrypted; by the right person.

My bad.

Substitue the word encyption / encripted with hash / hashed in my post 🙂

Cheers,

NRG

nrg_alpha

Guess I was a little off in my musings of how client-side / server databases handle hashed input:

http://www.infocellar.com/networks/Security/hash.htm

Nice to know though. Learning everytime... all along, I'm thinking md5 is full encryption.. go figure.. :quiet:

Cheers,

NRG

bpat1434

Heh... md5 has been "crackable" for years now. There are super computers that given a couple weeks could crack the md5 code.

Now, if php could support SHA2 instead of SHA1 that'd be nice. Much more secure than md5 (less chance of duplicate hashes).

I'd also like to point out that IF you're going to use md5 or sha1 to encrypt a password, don't just encrypt the password. Create a sort of "obfuscation" technique like intermingling the username or some other info about the user into the password and hash that. At least then if they get your password (presumably they have your username anyway) they'll have a slightly harder time to guess at what it is.

If you really want encryption, you'd want to look at the [man]mcrypt[/man] library.

laserlight

Now, if php could support SHA2 instead of SHA1 that'd be nice. Much more secure than md5 (less chance of duplicate hashes).

The hash extension typically supports the SHA-2 family of hash algorithms.

I'd also like to point out that IF you're going to use md5 or sha1 to encrypt a password, don't just encrypt the password.

I think that a salt should always be used, regardless of the hash algorithm.