可以解密MD5密码吗?
[英]Is is possible to decrypt MD5 passwords?
问题描述
我想知道是否可以解密MD5密码
3 个解决方案
解决方案1
4 已采纳 2013-02-19 09:42:40
I generate passwords to the users automatically using md5
我使用md5自动为用户生成密码
Don't. 别。 MD5 isn't safe . MD5不安全 。
how to I encrypt these passwords and I view them like a real password
I think you mean "decrypt". 我认为您的意思是“解密”。 You can't. 你不能 MD5 is a hashing algorithm, it is designed to be non-reversible. MD5是一种哈希算法,它被设计为不可逆的。
Don't generate passwords for your users. 不要为您的用户生成密码。 Your process should be: 您的流程应为:
- User generates password 用户生成密码
- User sends password to you over SSL 用户通过SSL向您发送密码
- You hash the password (not with MD5) 您对密码进行哈希处理(不适用于MD5)
- You store the hashed password 您存储哈希密码
When the user logs in: 用户登录时:
- User sends password to you over SSL 用户通过SSL向您发送密码
- You hash the password 您对密码进行哈希处理
- You compare the hashed password with the hash in your database 您将哈希密码与数据库中的哈希进行比较
解决方案2
1 2013-02-19 09:49:11
Just store them in the database encrypted - that's what it's for. 只需将它们存储在加密的数据库中即可—就是为了这个目的。
Generate a password: 生成密码:
$characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
$your_password_length = 8;
$password_unencrypted = '';
for ($i = 0; $i < $your_password_length; $i++) {
$password_unencrypted .= $characters[rand(0, strlen($characters) - 1)];
}
Now encrypt it 现在加密
$password_encrypted = md5($password_unencrypted);
Now you have two variables - password_unencrypted and password_encrypted. 现在,您有两个变量-password_unencrypted和password_encrypted。 You can send the password_unencrypted to the user via mail for example, but DB should contain an encrypted password. 例如,您可以通过邮件将password_unencrypted发送给用户,但是DB应该包含一个加密的密码。 When user logs in you should compare his encrypted input with the encrypted password in the DB: 用户登录时,应将其加密输入与数据库中的加密密码进行比较:
//..get the md5 from DB to $password_encrypted and then
if (md5($_POST['users_password_in_form']) == $password_encrypted){
// ...log in...
}
解决方案3
1 2013-04-10 16:08:24
About password and database secure, minding that the only way to user have acess to the password s is if he somehow acess the database itself (probably he got the password), so does it really make s diference if the password is hashed or encrypted? 关于密码和数据库的安全性,请注意让用户使用密码s is if he somehow acess the database itself (probably he got the password), so does it really make的唯一方法s is if he somehow acess the database itself (probably he got the password), so does it really make如果密码是散列或加密的s is if he somehow acess the database itself (probably he got the password), so does it really make有所不同? I m asking cause we are trying to protect the user password, but if someone has acess to the database, he dont need the user password, he can make the changes on the database itself, and about the encrypting, i find on php manual that blowfish is the most indicated, but i ve found a online decrypter in the first result search in google. 我m asking cause we are trying to protect the user password, but if someone has acess to the database, he dont need the user password, he can make the changes on the database itself, and about the encrypting, i find on php manual that blowfish is the most indicated, but i在Google的第一个结果搜索中找到了一个在线解密程序。 What you think about that? 您对此有何看法? Thank you in advance. 先感谢您。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.