Convert Md5 question

[farsiscript 0]

hi alli write login and register system , my password is convert to md5 and then save in sql . but i want to write c password for this script !but i can not convert md5 password to text password for example my user register at my script but can not recover his password in forget password ap ,i search at php.net but i can not find any sample or function if you know about that plz help me to complete thi script, thanks all

[beeseven 0]

I can't really tell what you're asking for, but if you mean something to convert md5 to plain text, it can't reasonably be done. There are md5 dictionaries which are basically huge databases of md5 codes and their text equivalents but they often take a long time to find the text and they don't have anywhere near every possible code. If you want to be able to access passwords in plain text then you'll have to store them in plain text.

[rvalkass 5]

The whole point of MD5 is that it is a one way encryption, for passwords etc. It is impossible for you to look up what the password is and is basically quite secure. If you start storing passwords as plain text then you open your system up to all sorts of problems and obviously hacking.The best option for recovering a password to to ask for the user's email address that they used when they signed up. Then, if the email address matches the one in the database, you generate a random password of 8 digits and change their password to that. You then also email the password to them, so that if someone else has tried to reset it, they can't see what the password is without getting into their email account, adding that bit of extra security. This does mean that you will have to make sure that no two email addresses are the same in the database.

[Lyon2 0]

I don't have time to explain, but if i understood well, you want a md5 cracker, a program to crack the md5, if that is what you want, there is a simple program named md5crack.If it is not what you want, sorry, but you have to improve your english, at least your writing in english language, because most of the phrases i did not understand, sorry to say so.Oh, and by the way, md5 can be cracked, not only with the above tool, but also with other programs and tools, it is not impossible as the majority think.

Edited June 19, 2006 by Lyon2 (see edit history)

[Spectre 0]

Oh, and by the way, md5 can be cracked, not only with the above tool, but also with other programs and tools, it is not impossible as the majority think.

MD5 hashes can be 'cracked'. There is no question of that, and most people who deal with the 'message digest' algorithm are aware of it. It simply cannot be reversed - it is a one-way encryption algorithm, meaning once the 16 byte binary hash has been calculated, it can never be directly turned back into its original form (although there has been talk of it being possible to reverse the algorithm - but as cryptography isn't really my area, I couldn't tell you much more than that I've simply heard rumour of it).

The way MD5 'crackers' work is by taking a list of passwords (either from a dictionary file or from those which it has generated), and encrypting each one using the same algorithm that the original password was encrypted with. The encrypted string is then checked against the string that was originally given to it to 'crack' - if they match, it obviously knows the plaintext form of the password, as the value of a hash is constant (eg. 'abc' will always be equal to '900150983cd24fb0d6963f7d28e17f72' in hexadecimal form when hashed - it does not vary at all as some other, usually reversable, encryption algorithms may).

Anyway, this is all getting very off-topic... farsiscript, to address your solution simply, let me just say that it is never possible to reverse an MD5 hash, and you will therefore be unable to recover the passwords stored in the database in encrypted form. The only possible way would be to 'crack' each one individually - a process that could literally take years. If you need to be able to access passwords in plaintext, you must either store them as such, or encrypted using a simple reversable algorithm.

The only thing I could suggest is forcing all users to log out, and then storing their passwords in plaintext form in the database next time they log back in (obviously after checking them against the hash, as per the normal login process).

[farsiscript 0]

thanks dears Spectre and Lyon2 and rvalkass and beeseven
i think better way to change password in forget part of script is generate a random password .
i think i can write this code

$NewPass = RAND (1,100);$NewPass= Md5($NewPass);

plz tell me my way to generate a new password is true ?
thanks all

[Spectre 0]

The way most systems that use MD5 to protect user passwords, such as IPB, allow for password retrieval is by resetting the password to something random (although I would recommend using at least 6 alphanumer characters, rather than a digit) after email confirmation. Here's a very quick example of generating a random password:

$pass_string = '';// Make password a random length between 6 and 12 characters.$length = rand(6,12);for( $i=0;$i<$length;$i++ ) {   // Randomly decided whether next character is a letter or number.   $alpha_numeric = rand(0,5);   if( $alpha_numeric <= 4 ) {	  // Randomly decide whether next letter character is upper- or lower-case.	  if( $alpha_numeric <= 1 ) {		 $pass_string .= chr(rand(65,90));	  } else {		 $pass_string .= chr(rand(97,122));	  }   } else {	  $pass_string .= rand(0,9);   }}

Edited June 22, 2006 by Spectre (see edit history)