how to decrypt the md5 encrypted password

The whole idea behind a one way encryption is to generate a hashed value that cannot be decrypted to reveal the original string.

That's the reason that when dealing with lost passwords administrators typically reset it to a new value.

@savyatha
could u plz send me code how to encrypt password

md5 is supposed to be a one way encryption. The reason you use it, is so only the user knows their password, but you can still validate the password.
How you validate it is to create an md5 hash of the password supplied by the user, and compare that with the md5 hash of the password in the database.

eg: pseudo code
[code=php]
$user = $_POST['user']; // username from form
$password = $_POST['password']; // password sent from from
$hash = md5($password);

// query the db for the user and password combo
$userid = query("select id from users where username = '".clean($user) ." ' and passowrd = '".clean($hash) ."' LIMIT 1";

if ($userid !== false) {
// authentication passed
} else {
// auth failed
}

// note:
// clean() is is your custom function that escapes mysql input
// query() is your custom function that queries the db, and returns false on a null resultset
// $userid !== false is used instead of $userid != false since the userid may be 0, see "type comparisons"..

[/code]

You should try using sha1() instead of md5() as it is harder to find collisions in sha1(). But make sure your php supports it.

eg:

[code=php]if (function_exist s('sha1')) {
// use sha1
} else {
// fallback to md5
}[/code]

Well you can't decrypt it directly. Md5 it's one way hash function. But there are some limited choices, like a huge database with md5 decrypted strings. You can try this Md5 decrypter tool.

how to encrypt and decrypt the password

Hai,

Good Evening,

I'm doing a small project using python and MySQL in APPLE MACINTOSH.
I want to decrypt the password using md5 algorithm. Is it possible or not.
If not possible then how to encrypt the password and decrypt the password give some example. Please help me.

Thanks in advance

Warm Regards,
Srinivas

As noted before, md5() is a hashing algorithm, meaning it's a one way street.

You can create your own encryption class, if you like.

However, you should never know the value sensitive data. If you ever need to compare user input to a hashed piece of data, simply compare a hashed version of the user input to the already hashed data.

exacly what i was about to say :)

what you can do is save the original(unhash ed) password in your database next to it's hashed brother :)
doing this, you can give a mail a user his password if he asks. it will make your website a bit less safe though since the moderator can log in as any user since he knows username and password.

to prevent this you can encrypt that password with triple DES or AES or something alike. but that would make the md5 password unneccesary.

lets say, your security is only as strong as it's weakest password.

Best practices would not let you keep a human readable form of a password. It's damn right rude ;)

depends, if you keep it quiet it is.
if you tell them in a 10 pages long privacy explaination, it's more then rude. it's pure evil.
but if you tell them in a short line, it isn't. then it's for the user to decide wether or not he will join. you won't have much members though.

still i think the best way to make a login is to make function in which you mail a new password to the user. i dont think programming an AES or triple DES in php is possible. but feel free to look for a tool:)

Hi 2 all ., if you encrypted a password using md5 means ., there is no way to decrypt it ., so you need to use base64_decode and base64_encode

base64_encode code:
out put :VGhpcyBpcyBhbi BlbmNvZGVkIHN0c mluZw==

base64_decode code
out put :This is an encoded string

@Ciary,

It's always possible, even if you have to shell out to an external support function to do the work. (Yes, I know - expensive and evil; still, a standard way of re-using existing tools.)

The algorithms are open, another option is to just port them to a PHP module and have done with.

@Markus,
I agree that keeping a human readable form of the password is stupid. A lot of sites do business that way, though. Of course, the first time they're cracked, that practice goes by the wayside.

The way that I like to work is to accept a password and send an e-mail. If the user follows the time-limited link and confirms the password, then they're likely legit. If not, log and purge the new account.

Cheers!
Oralloy