...

View Full Version : MD5 encription



fergie223
08-24-2006, 02:59 PM
Alright I have developed a login system which uses MD5 with user_password function. Then i made a viewallDetails.php page which shows the usernames and the MD5 passwords. The problem is that i want to be able to see the MD5 passwords unencripted for my viewallDetails.php.


eg. viewallDetails.php as it is now

fergie223 (85094ce519ee14bf8b29414943a05025)

tom (85094ce519ee14bf8b29414943a05025)

i would like the output to be

fergie223(12345)

tom(5555)


cheers in advance:thumbsup:

Anthony2oo4
08-24-2006, 03:16 PM
not possible, obviously for security reasons.

saecula
08-24-2006, 10:04 PM
MD5 is hash not encryption, main difference is encryption is reversable, hash is not. Storing plain text passwords is just dumb.

Intermezzo
08-24-2006, 11:21 PM
fergie223 (85094ce519ee14bf8b29414943a05025)

tom (85094ce519ee14bf8b29414943a05025)


However, these values are "unencrypted": 74656 :P

Nightfire
08-25-2006, 12:14 AM
You can get what the md5 hash is storing easily if you know where to look.

As Intermezzo replied, the hash is 74656.

But why do you want to see peoples passwords? If people have forgotten their password, send them a random one (not generated by you) via email (not sent by you, but by the script that created the random password), then let them change it

Intermezzo
08-25-2006, 10:05 PM
But why do you want to see peoples passwords? If people have forgotten their password, send them a random one (not generated by you) via email (not sent by you, but by the script that created the random password), then let them change it

Correct. I do the same thing in my portal-script. If I were a bad admin i could save all passwords in plaintext - but that isn't fair to the users. I could login in maybe there mail-account or someone hacks my DB and could do the same thing. Always use MD5 or SHA1. ;)

Sayonara
08-26-2006, 12:09 AM
As has been mentioned, MD5 is a form of hashing which is one-way.

If you want two-way encryption/decryption, there are various options available. A very popular one is mySQL's AES_ENCRYPT function.

iota
08-26-2006, 03:37 PM
Nice discussion on security issue.:)

For me, If I have to store passwords in text, I always store it in php file with sha1 or md5.

Never save your file with extension .inc for (INCLUDE), if you haven't set this as php extension,too.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum