password decryption

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • waqasahmed996
    New Member
    • Jun 2008
    • 160

    password decryption

    hi to all
    we have a access to a mysql database in which password is in encrypted form in password field. i want to read actual password. how can i do that.

    i need to know if i am not clear in my question
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    What function do you use to encrypt the password? You should never need to see an unencrypted password. Say you use md5() to encrypt it, to see whether a provide password matches it, md5() the new password against the password in the database.

    Comment

    • nathj
      Recognized Expert Contributor
      • May 2007
      • 937

      #3
      If it is because a user has forgotten their password then you need to authenticate them by username and email address and then send a new randomly generated password to the stored email address. They can then use that to log in and change their password. This is how most sites work.

      As Markus said only the password owner - site user, should know the password.

      nathj

      Comment

      • waqasahmed996
        New Member
        • Jun 2008
        • 160

        #4
        actually we are transfer our data from mysql to sql server. so there is many account holder already exist with their user name and password. i want to enter same password in sql server. that's why i need to decrypt that passwords

        i am using md5() for encryption. so please any idea to decrypt md5() encrypted passwords in php.

        Comment

        • TheServant
          Recognized Expert Top Contributor
          • Feb 2008
          • 1168

          #5
          The whole point of encrypting passwords is that it is practically impossible to "decrypt" it with another function. I am sure it could be done if the encryption system was known, but that would defeat the whole point of having it.

          The only way to find out what an md5()'d password is, is to guess it and compare md5(your guess) to the original string. So unlikely you are going to do that.

          If you are moving servers why don't you just encrypt passwords with php and store it in the SQL server? As in why can't you just copy it over and treat it exactly the same? All it means is you can't use MySQL function, but using php should be the same shouldn't it?

          Comment

          • nathj
            Recognized Expert Contributor
            • May 2007
            • 937

            #6
            TheServant has this spot on. There is no need to decrypt the password. Simply copy the encrypted (more strictly speaking hashed) value from one database to another and carry on as normal.

            The hash should be done by PHP, that way the user can specify their own password which is hashed and stored. Then when they use it to log in you take the value entered, hash it and compare tat in the db. This should work regardless of the database - MySQL or SQL Server.

            Cheers
            nathj

            Comment

            • waqasahmed996
              New Member
              • Jun 2008
              • 160

              #7
              i dont know why but it is not working when same encrypted password is paste on other database. i am trying to find out why it is not working. As i come to know i will post message. but please if you how to decrypt md5() then guide me.

              Comment

              • nathj
                Recognized Expert Contributor
                • May 2007
                • 937

                #8
                md5() is a hash and therefore cannot be decrypted. However, there are sites that offer look-up tables. they basically have a database of word with the md5 result. This is the best you can hope for.

                Comment

                • TheServant
                  Recognized Expert Top Contributor
                  • Feb 2008
                  • 1168

                  #9
                  Mate, you cannot decrypt it like I said. Are you sure your SQL field is a long enough character length for it? Try store an md5()'d term in your new SQL tables and see if that works. If it does then you just have to copy the md5()'d passwords over, but if it doesn't you have an error in your code, SQL table setup, or SQL setup.

                  Comment

                  • stepterr
                    New Member
                    • Nov 2007
                    • 157

                    #10
                    waqasahmed996,
                    Do you have a user table in SQL Server just like you do in MySQL. Or are you trying to do this in the SQL Server Login Properties for the SQL Server Authentication?

                    Comment

                    • waqasahmed996
                      New Member
                      • Jun 2008
                      • 160

                      #11
                      thanks for reply

                      yes i have a table in SQL Server just like in Mysql. there is no issue of SQL Server Authentication

                      Comment

                      Working...