Re: md5 encryption

From: "Simon" <spambucket@xxxxxxxxxxxx>
Date: Fri, 27 May 2005 16:36:39 +0100

"roger" <pageme@xxxxxxxxxxxx> wrote in message
news:x5Hle.419$%h4.286@xxxxxxxxxxxxxxxxxxxxxxx
> When a MySql DB has passwords encrypted using md5() from a php script, is
> there a way of returning the unencrypted data if the site key is known or
> is
> it only one way encryption.
>

Technically it is possible, but it is near impossible to do.
The idea is that if you think you know the password, md5() it, if it matches
the one on record you have a match. Otherwise try again.

That way if you crack someone data, you might not be able to use the
passwords.

Simon

.

Follow-Ups:
- Re: md5 encryption
  - From: Michael Trausch

References:
- md5 encryption
  - From: roger

Prev by Date: md5 encryption
Next by Date: Re: md5 encryption
Previous by thread: md5 encryption
Next by thread: Re: md5 encryption
Index(es):
- Date
- Thread

Relevant Pages

Re: secure login form
... For my point of view I'm thinking of using md5 passwords in db. ... If you want the avoid the man-in-the-middle eavesdropping on you: Then you need https, ... If you are afraid the username/password you store in your database is hacked somehow, then it can make sense to store them with an md5 hash, which is one-way encryption indeed. ... (You can propagate the sessionid from http to https via a form, and let the receiving script use that sessionid for its https session. ...
(comp.lang.php)
Re: secure login form
... For my point of view I'm thinking of using md5 passwords in db. ... If you want the avoid the man-in-the-middle eavesdropping on you: Then you need https, ... If you are afraid the username/password you store in your database is hacked somehow, then it can make sense to store them with an md5 hash, which is one-way encryption indeed. ... (You can propagate the sessionid from http to https via a form, and let the receiving script use that sessionid for its https session. ...
(comp.lang.php)
Re: Time-to-crack MD5 passwords
... ]>]> customer of, regarding the length of passwords. ... ]> The md5 passwords do not use just md5. ... ]> use an arbitrary length string-- you are not limited to 8 characters. ...
(comp.security.misc)
Re: Current thoughts on system partitioning
... > Just to use my specific example, I've built a server with two 160 GB ... In my experience, SuSE by default installs DES encryption for passwords, ... you can switch the SuSE to MD5 ...
(comp.os.linux.misc)
Re: [PHP] md5
... It is likely possible to find alternate passwords if the md5 is known - if a user can get a hold of your md5'ed passwords, they may be able to come up with another password that will create the same MD5 hash, thus would be capable of logging in to the system. ... I'd much rather have an algorithm that is well known, well analysed and *still* secure over an unknown and untested algorithm. ...
(php.general)