Jump to content
xisto Community
Sign in to follow this  
farsiscript

Convert Md5 question

Recommended Posts

hi alli write login and register system , my password is convert to md5 and then save in sql . but i want to write c password for this script !but i can not convert md5 password to text password for example my user register at my script but can not recover his password in forget password ap ,i search at php.net but i can not find any sample or function if you know about that plz help me to complete thi script, thanks all :)

Share this post


Link to post
Share on other sites

I can't really tell what you're asking for, but if you mean something to convert md5 to plain text, it can't reasonably be done. There are md5 dictionaries which are basically huge databases of md5 codes and their text equivalents but they often take a long time to find the text and they don't have anywhere near every possible code. If you want to be able to access passwords in plain text then you'll have to store them in plain text.

Share this post


Link to post
Share on other sites

The whole point of MD5 is that it is a one way encryption, for passwords etc. It is impossible for you to look up what the password is and is basically quite secure. If you start storing passwords as plain text then you open your system up to all sorts of problems and obviously hacking.The best option for recovering a password to to ask for the user's email address that they used when they signed up. Then, if the email address matches the one in the database, you generate a random password of 8 digits and change their password to that. You then also email the password to them, so that if someone else has tried to reset it, they can't see what the password is without getting into their email account, adding that bit of extra security. This does mean that you will have to make sure that no two email addresses are the same in the database.

Share this post


Link to post
Share on other sites

I don't have time to explain, but if i understood well, you want a md5 cracker, a program to crack the md5, if that is what you want, there is a simple program named md5crack.If it is not what you want, sorry, but you have to improve your english, at least your writing in english language, because most of the phrases i did not understand, sorry to say so.Oh, and by the way, md5 can be cracked, not only with the above tool, but also with other programs and tools, it is not impossible as the majority think.

Edited by Lyon2 (see edit history)

Share this post


Link to post
Share on other sites

Oh, and by the way, md5 can be cracked, not only with the above tool, but also with other programs and tools, it is not impossible as the majority think.

MD5 hashes can be 'cracked'. There is no question of that, and most people who deal with the 'message digest' algorithm are aware of it. It simply cannot be reversed - it is a one-way encryption algorithm, meaning once the 16 byte binary hash has been calculated, it can never be directly turned back into its original form (although there has been talk of it being possible to reverse the algorithm - but as cryptography isn't really my area, I couldn't tell you much more than that I've simply heard rumour of it).

The way MD5 'crackers' work is by taking a list of passwords (either from a dictionary file or from those which it has generated), and encrypting each one using the same algorithm that the original password was encrypted with. The encrypted string is then checked against the string that was originally given to it to 'crack' - if they match, it obviously knows the plaintext form of the password, as the value of a hash is constant (eg. 'abc' will always be equal to '900150983cd24fb0d6963f7d28e17f72' in hexadecimal form when hashed - it does not vary at all as some other, usually reversable, encryption algorithms may).

Anyway, this is all getting very off-topic... farsiscript, to address your solution simply, let me just say that it is never possible to reverse an MD5 hash, and you will therefore be unable to recover the passwords stored in the database in encrypted form. The only possible way would be to 'crack' each one individually - a process that could literally take years. If you need to be able to access passwords in plaintext, you must either store them as such, or encrypted using a simple reversable algorithm.

The only thing I could suggest is forcing all users to log out, and then storing their passwords in plaintext form in the database next time they log back in (obviously after checking them against the hash, as per the normal login process).

Share this post


Link to post
Share on other sites

thanks dears Spectre and Lyon2 and rvalkass and beeseven
i think better way to change password in forget part of script is generate a random password .
i think i can write this code

$NewPass = RAND (1,100);$NewPass= Md5($NewPass);

plz tell me my way to generate a new password is true ?
thanks all

Share this post


Link to post
Share on other sites

The way most systems that use MD5 to protect user passwords, such as IPB, allow for password retrieval is by resetting the password to something random (although I would recommend using at least 6 alphanumer characters, rather than a digit) after email confirmation. Here's a very quick example of generating a random password:

$pass_string = '';// Make password a random length between 6 and 12 characters.$length = rand(6,12);for( $i=0;$i<$length;$i++ ) {   // Randomly decided whether next character is a letter or number.   $alpha_numeric = rand(0,5);   if( $alpha_numeric <= 4 ) {	  // Randomly decide whether next letter character is upper- or lower-case.	  if( $alpha_numeric <= 1 ) {		 $pass_string .= chr(rand(65,90));	  } else {		 $pass_string .= chr(rand(97,122));	  }   } else {	  $pass_string .= rand(0,9);   }}

Edited by Spectre (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.