Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: MD5 encription

  1. #1
    New to the CF scene
    Join Date
    Jun 2006
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    MD5 encription

    Alright I have developed a login system which uses MD5 with user_password function. Then i made a viewallDetails.php page which shows the usernames and the MD5 passwords. The problem is that i want to be able to see the MD5 passwords unencripted for my viewallDetails.php.


    eg. viewallDetails.php as it is now

    fergie223 (85094ce519ee14bf8b29414943a05025)

    tom (85094ce519ee14bf8b29414943a05025)

    i would like the output to be

    fergie223(12345)

    tom(5555)


    cheers in advance

  • #2
    Regular Coder
    Join Date
    Jul 2004
    Posts
    201
    Thanks
    8
    Thanked 1 Time in 1 Post
    not possible, obviously for security reasons.

  • #3
    New Coder
    Join Date
    Aug 2006
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    MD5 is hash not encryption, main difference is encryption is reversable, hash is not. Storing plain text passwords is just dumb.

  • #4
    New Coder
    Join Date
    Aug 2006
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by fergie223
    fergie223 (85094ce519ee14bf8b29414943a05025)

    tom (85094ce519ee14bf8b29414943a05025)
    However, these values are "unencrypted": 74656 :P

  • #5
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,266
    Thanks
    6
    Thanked 48 Times in 48 Posts
    You can get what the md5 hash is storing easily if you know where to look.

    As Intermezzo replied, the hash is 74656.

    But why do you want to see peoples passwords? If people have forgotten their password, send them a random one (not generated by you) via email (not sent by you, but by the script that created the random password), then let them change it

  • #6
    New Coder
    Join Date
    Aug 2006
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Nightfire
    But why do you want to see peoples passwords? If people have forgotten their password, send them a random one (not generated by you) via email (not sent by you, but by the script that created the random password), then let them change it
    Correct. I do the same thing in my portal-script. If I were a bad admin i could save all passwords in plaintext - but that isn't fair to the users. I could login in maybe there mail-account or someone hacks my DB and could do the same thing. Always use MD5 or SHA1.

  • #7
    Regular Coder
    Join Date
    Oct 2004
    Posts
    256
    Thanks
    0
    Thanked 0 Times in 0 Posts
    As has been mentioned, MD5 is a form of hashing which is one-way.

    If you want two-way encryption/decryption, there are various options available. A very popular one is mySQL's AES_ENCRYPT function.

  • #8
    Registered User
    Join Date
    Oct 2004
    Posts
    592
    Thanks
    0
    Thanked 1 Time in 1 Post
    Nice discussion on security issue.

    For me, If I have to store passwords in text, I always store it in php file with sha1 or md5.

    Never save your file with extension .inc for (INCLUDE), if you haven't set this as php extension,too.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •