Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
I think about password saving
in php we use md5() function to encode password.
We have md5 function and output of md5 but we can not get 1st password?
(We have this in all Security functions):crying:
9 replies to this topic
Back to top|
|
|
#2
Posted 21 October 2009 - 07:55 PM
TcM
-
- Members
-
- 11,147 posts
Writes binary right handed and hex left handed
Well, according to some people md5 can be cracked... but I'm not sure how this works exactly.. if you crack the md5, I'm not sure if you will be able to get the original password.
#3
Posted 21 October 2009 - 09:43 PM
Vswe
-
- Members
-
- 9,552 posts
Writes binary right handed and hex left handed
The whole point with md5 is that you can't get the original text back.
#4
Posted 22 October 2009 - 09:11 AM
WingedPanther
-
- Moderators
-
- 16,831 posts
A spammer's worst nightmare
MD5 is a hash, not an encryption function. It is not reversible.
#5
Guest_Jordan_*
Posted 22 October 2009 - 09:18 AM
Guest_Jordan_*
Guest_Jordan_*
-
- Guests
You can attempt to find the password by using brute force.
#6
Posted 22 October 2009 - 01:47 PM
Guest
-
- Members
-
- 3,414 posts
Writes binary right handed and hex left handed
There are also md5 search engines that search databases of md5 hashes, so you don't have to use brute force all the time. There is one here. No administrator who knows security would use md5 now. You should use sha2 or a salt for maximum security.
Root Beer == System Administrator's Beer
Download the new operating system programming kit! (some assembly required)
Download the new operating system programming kit! (some assembly required)
#7
Posted 25 October 2009 - 09:27 AM
John
-
- Moderators
-
- 6,321 posts
Writes binary right handed and hex left handed
Rather than using pure brute force, you can also attempt to find the password by using a birthday attack or simply find a collision using the algorithm described by Wang et al.
#8
Posted 13 December 2009 - 09:58 PM
gamers2000
-
- Members
-
- 3 posts
Newbie
I think we're missing the point here.
From what I understand, the original poster thought that MD5 was a encryption algorithm.
If so, Hamed, vswe and WingedPanther are right - MD5 is a hash algorithm. This means that it's a one-way encryption, and you should not be able to obtain the original plaintext from the hash.
I'm not too sure what your system requirements are, but password saving should not require getting the plaintext from the ciphertext. All you need to do is to hash the user input, and compare that with the password hash that you already have, and compare the two hashes. If they are the same, then the user (theoretically) has provided the right password.
From what I understand, the original poster thought that MD5 was a encryption algorithm.
If so, Hamed, vswe and WingedPanther are right - MD5 is a hash algorithm. This means that it's a one-way encryption, and you should not be able to obtain the original plaintext from the hash.
I'm not too sure what your system requirements are, but password saving should not require getting the plaintext from the ciphertext. All you need to do is to hash the user input, and compare that with the password hash that you already have, and compare the two hashes. If they are the same, then the user (theoretically) has provided the right password.
#9
Posted 21 December 2009 - 10:44 PM
zolwang
-
- Members
-
- 3 posts
Newbie
I have the same problem with you,how can i do?
#10
Posted 10 January 2010 - 08:45 PM
hodge-podge
-
- Members
-
- 47 posts
Learning Programmer
Hamed said:
I think about password saving
in php we use md5() function to encode password.
We have md5 function and output of md5 but we can not get 1st password?
(We have this in all Security functions):crying:
in php we use md5() function to encode password.
We have md5 function and output of md5 but we can not get 1st password?
(We have this in all Security functions):crying:
MD5 cannot be crack by knowing its output alone (at least easily). There are ways to crack it, but every way that I know of is very processor intensive, and takes a considerably long time to do. MD5 has been shown to be vulnerable to collisions, maybe you could capitalize on that. A much easier method would be using Rainbow tables. But if the password is salted, Rainbow tables won't guarantee results.
