MD5 Encryption Question

**Titan85** · 01-14-2007, 04:03 AM

I am using the md5 method of encrypting my passwords stored in my users database and it works fine and all, but I found an issue while trying to make an edit function for the passwords. Since the password is entered into the database as an md5 hash, when I echo it for editing, it show the hash. Is there any way to reverse the encryption to display the password as what it is?

**apollo** · 01-14-2007, 04:33 AM

Basically md5() is not reverible, the standard practice is to issue a new replacement password, rather than attempting to edit it! The user can edit the password by changing it!

More Info...
http://archives.devshed.com/forums/p...5t-101197.html

**thetestingsite** · 01-14-2007, 04:33 AM

With md5, there is no decryption that is avalible. That is what makes md5 encryption so secure. At least what I am aware of. TYou could make two columns in the user table that has the md5 hash of the password as well as the plain text password, or you could use your own ecryption (not recommended).

Hope this helps.

EDIT: Sorry apollo, posted at the same time I guess.

**Titan85** · 01-14-2007, 04:37 AM

Thanks guys, I guess I'll have to figure another way of doing this.

**thetestingsite** · 01-14-2007, 04:42 AM

Well, the way I made some of my "somewhat secure" programs was by making the user type in the old password (as well as the new passwords and a confirmation of the new password) and compare against my database, if the username/password (md5 for the password) combination was correct, as well as the new password and confirm password were matching, I would update the mysql database.

Hope this helps.

EDIT: This is in the change password part of the "program", if not understood from first reading the entire post.

**Titan85** · 01-14-2007, 06:25 AM

Originally Posted by thetestingsite

Well, the way I made some of my "somewhat secure" programs was by making the user type in the old password (as well as the new passwords and a confirmation of the new password) and compare against my database, if the username/password (md5 for the password) combination was correct, as well as the new password and confirm password were matching, I would update the mysql database.

Hope this helps.

EDIT: This is in the change password part of the "program", if not understood from first reading the entire post.

Thanks, thats basically all I really need to do

**Twey** · 01-14-2007, 01:42 PM

You could make two columns in the user table that has the md5 hash of the password as well as the plain text password

... thus completely defeating the point of having the passwords hashed in the first place?

**boxxertrumps** · 01-15-2007, 12:30 AM

there's also the Prospect Of Adding another value to increase the security, like generating a hash value with the combined username and password.

So... Its twice As impossible To decrypt....

**Titan85** · 01-15-2007, 02:19 AM

Originally Posted by boxxertrumps

there's also the Prospect Of Adding another value to increase the security, like generating a hash value with the combined username and password.

So... Its twice As impossible To decrypt....

Yeah, I heard about that, but haven't tried it yet because for what I am doing, its kinda overkill

**alexjewell** · 01-15-2007, 02:43 AM

Yeah, that'd be overkill.
Go with thetestingsite's idea

Thread: MD5 Encryption Question

Thread Tools

Search Thread

MD5 Encryption Question

Bookmarks

Bookmarks

Posting Permissions