I want to echo
account details of users, which is fine for plain text but I have md5 hashed passwords in the database. I would like to display the password in asterisks so the only variable would be the length of the the password. So if someones password was cat
it would show: Password: ***
and if someone else's was hippopotamus
it would show: Password: ************
however with the password encrypted this seems difficult. although websites like eBay and Facebook do have this and they must encrypt users passwords.
can anyone shed any light on this problem. Thanks
It is impossible. There is no way to tell the length of the input data that was used to generate an md5 hash.
websites like ebay and facebook do have this and they must encrypt users passwords
If they do (and I hope they don't as it would leak data about the password to the public, making it much easier to crack), then they would have to store the length of the input string as well as the hashed password.
It is possible that what you are seeing is the browser auto-filling the password field for you. The asterisks being the standard masking character used (by browsers) to reduce the effectiveness of "peeking over the shoulder" attacks.
You could just store the length of the password in the database when it is intitially hashed/salted. BUT the whole point of hashing/salting is to prevent the password from being compromised if the db is stolen. If the db is stolen, knowing the length of the password is a great security compromise.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.