Page 1 of 5 123 ... LastLast
Results 1 to 10 of 45

Thread: MD5 Encryption Question

  1. #1
    Join Date
    Aug 2006
    Location
    Ohio
    Posts
    266
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default MD5 Encryption Question

    I am using the md5 method of encrypting my passwords stored in my users database and it works fine and all, but I found an issue while trying to make an edit function for the passwords. Since the password is entered into the database as an md5 hash, when I echo it for editing, it show the hash. Is there any way to reverse the encryption to display the password as what it is?

  2. #2
    Join Date
    Jan 2007
    Location
    Boulder City, Nevada
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Basically md5() is not reverible, the standard practice is to issue a new replacement password, rather than attempting to edit it! The user can edit the password by changing it!

    More Info...
    http://archives.devshed.com/forums/p...5t-101197.html

  3. #3
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    With md5, there is no decryption that is avalible. That is what makes md5 encryption so secure. At least what I am aware of. TYou could make two columns in the user table that has the md5 hash of the password as well as the plain text password, or you could use your own ecryption (not recommended).

    Hope this helps.

    EDIT: Sorry apollo, posted at the same time I guess.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

  4. #4
    Join Date
    Aug 2006
    Location
    Ohio
    Posts
    266
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Thanks guys, I guess I'll have to figure another way of doing this.

  5. #5
    Join Date
    Sep 2006
    Location
    St. George, UT
    Posts
    2,769
    Thanks
    3
    Thanked 157 Times in 155 Posts

    Default

    Well, the way I made some of my "somewhat secure" programs was by making the user type in the old password (as well as the new passwords and a confirmation of the new password) and compare against my database, if the username/password (md5 for the password) combination was correct, as well as the new password and confirm password were matching, I would update the mysql database.

    Hope this helps.

    EDIT: This is in the change password part of the "program", if not understood from first reading the entire post.
    Last edited by thetestingsite; 01-14-2007 at 04:48 AM.
    "Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music." - Kristian Wilson, Nintendo, Inc, 1989
    TheUnlimitedHost | The Testing Site | Southern Utah Web Hosting and Design

  6. #6
    Join Date
    Aug 2006
    Location
    Ohio
    Posts
    266
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by thetestingsite View Post
    Well, the way I made some of my "somewhat secure" programs was by making the user type in the old password (as well as the new passwords and a confirmation of the new password) and compare against my database, if the username/password (md5 for the password) combination was correct, as well as the new password and confirm password were matching, I would update the mysql database.

    Hope this helps.

    EDIT: This is in the change password part of the "program", if not understood from first reading the entire post.
    Thanks, thats basically all I really need to do

  7. #7
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,878
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    You could make two columns in the user table that has the md5 hash of the password as well as the plain text password
    ... thus completely defeating the point of having the passwords hashed in the first place?
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  8. #8
    Join Date
    Jun 2006
    Location
    Acton Ontario Canada.
    Posts
    677
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default

    there's also the Prospect Of Adding another value to increase the security, like generating a hash value with the combined username and password.

    So... Its twice As impossible To decrypt....
    - Ryan "Boxxertrumps" Trumpa
    Come back once it validates: HTML, CSS, JS.

  9. #9
    Join Date
    Aug 2006
    Location
    Ohio
    Posts
    266
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by boxxertrumps View Post
    there's also the Prospect Of Adding another value to increase the security, like generating a hash value with the combined username and password.

    So... Its twice As impossible To decrypt....
    Yeah, I heard about that, but haven't tried it yet because for what I am doing, its kinda overkill

  10. #10
    Join Date
    Mar 2006
    Location
    Cleveland, Ohio
    Posts
    574
    Thanks
    6
    Thanked 5 Times in 5 Posts

    Default

    Yeah, that'd be overkill.
    Go with thetestingsite's idea
    Thou com'st in such a questionable shape
    Hamlet, Act 1, Scene 4

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •