stackoom
  简体   繁体   中英

Is is possible to decrypt MD5 passwords?

 原文  2013-02-19 09:39:45       php/ mysql

Question

我想知道是否可以解密MD5密码

3 answers

solution1
 4 ACCPTED  2013-02-19 09:42:40

I generate passwords to the users automatically using md5

Don't. MD5 isn't safe .

how to I encrypt these passwords and I view them like a real password

I think you mean "decrypt". You can't. MD5 is a hashing algorithm, it is designed to be non-reversible.

Don't generate passwords for your users. Your process should be:

  1. User generates password
  2. User sends password to you over SSL
  3. You hash the password (not with MD5)
  4. You store the hashed password

When the user logs in:

  1. User sends password to you over SSL
  2. You hash the password
  3. You compare the hashed password with the hash in your database

solution2
 1  2013-02-19 09:49:11

Just store them in the database encrypted - that's what it's for.

Generate a password: 

$characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
$your_password_length = 8;
$password_unencrypted = '';
for ($i = 0; $i < $your_password_length; $i++) {
  $password_unencrypted .= $characters[rand(0, strlen($characters) - 1)];
}

Now encrypt it 

$password_encrypted = md5($password_unencrypted);

Now you have two variables - password_unencrypted and password_encrypted. You can send the password_unencrypted to the user via mail for example, but DB should contain an encrypted password. When user logs in you should compare his encrypted input with the encrypted password in the DB: 

//..get the md5 from DB to $password_encrypted and then
if (md5($_POST['users_password_in_form']) == $password_encrypted){
// ...log in...
}

solution3
 1  2013-04-10 16:08:24

About password and database secure, minding that the only way to user have acess to the password s is if he somehow acess the database itself (probably he got the password), so does it really make s diference if the password is hashed or encrypted? I m asking cause we are trying to protect the user password, but if someone has acess to the database, he dont need the user password, he can make the changes on the database itself, and about the encrypting, i find on php manual that blowfish is the most indicated, but i ve found a online decrypter in the first result search in google. What you think about that? Thank you in advance.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Not matching md5 passwords encrypt and decrypt md5 SQL Update of MD5 Passwords Importing MD5+Salt Passwords to MD5 Display MD5 hashed passwords as asterisked text Php md5 Passwords on C# Client Going from unsalted to salted MD5 passwords Comparing MD5 hashed passwords is not working Query MySql database with md5 passwords Fetching (not decrypt) md5 password from database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM