We Keep Coding

Change hashing method to a already hashed password [duplicate]

This question already has answers here:
How do I convert password hashing from MD5 to SHA?
(7 answers)
Closed 11 days ago.
I would like if it's possible to change the hashing method for an already hashed password. For example:
$password_input = '123456789';
$hashed_password = md5($password_input);
// The output would be 25f9e794323b453885f5181f1b624d0b
The result was made with the following online tool:
https://helloacm.com/md5/
The next step would be insert the hashed password into the database. When I do this the given hashed password will be in the users table. If I select that password, can I change the md5 hash by a sha-256? For example:
$md5_password = '25f9e794323b453885f5181f1b624d0b';
$sha256_password = hash('sha256', $md5_password);
If this would be possible, would it break the login function? I mean if I use password_verify method, will it return true?

You will not get password back from md5, you can't unhash one way hash algorithms.
What we do - incorporate re-hashing in login flow.
User logins to your system with old hash password
You detect, that this user needs re-hash
While still having sent plain text password you hash it with new algorithm and save to database
Next time user logins with newly hashed password without problems

how password_verify() function actually works in PHP [duplicate]

This question already has answers here:
How does password salt help against a rainbow table attack?
(10 answers)
How can bcrypt have built-in salts?
(5 answers)
Password hashing, salt and storage of hashed values
(4 answers)
Closed 3 months ago.
I am wondering about how password_verify() verifies the hash, I have reviewed the documentation and many answers in StackOverflow, but I didn't get the idea
because, as I understood, this function will compare the hash with entered password after hashing it again, and use the same salt and cost and algorithm,
but the question here: if anyone can separate the salt from the hashed password, then anybody also can try to use rehash and try to match, and the salt will be useless here. Am I right, or what?

The salt have to be generated randomly each time the fonction is used (and it's what this function does, and not accept custom salt anymore).
For example:
<?php
$password = "nothing";
echo password_hash($password, PASSWORD_DEFAULT);
echo PHP_EOL;
echo password_hash($password, PASSWORD_DEFAULT);
Give the response :
$2y$10$mdJRjsoc1vR11SKa2JDyS.qSlxja/a0SUPuXC1NKsRLkzmayKwjku
$2y$10$H2th6dRY/i.xZzXSGxDZ1uaiwZx6s0.FM0NXcBcBQ0E2aNEHCJ57m
It's the same password with differents results.
The hashed password is stored in a database or a file. In this case, an admin system (or someone who's hacked the database) can't say if the same password is used by differents users. Another point, rainbow tables can't be used with hashed password with salt. Only brut force can be done.
Using the same salt for all is not more secure than using simple hash algorytm.

Can I Decrypt md5 in php? [duplicate]

This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 7 years ago.
This is my encryption password.
$encrypted = md5($password);
Can I Decrypt it?

MD5 is a hash function, which are one-way functions (cannot be undone).
Whilst I would not recommend MD5 for password storage, if you want to verify that a password is correct you do not need to decrypt the hash. The idea is in order to verify a password is correct, rather than decrypting the hash, you encrypt the password given and compare the two hash values. If the two hash values are the same, then the two passwords are the same,

Storing password salts separately from password hashes? [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
what is best possible way of salting and storing salt?
Improve password hashing with a random salt
Assuming that using a correct algorithm for password hashing and generating different salts for each password...
Is it a security risk to store salts separately from password hashes? For ex. in a database table, storing password hashes in one column, and password salts in a separate column?
I saw strategies where the salt is embedded into the password hash itself, by using a specific algorithm. Later on the salt can be extracted from the password hash. Is this more secure?

From everything I have ever read and done, there is nothing wrong with storing the password hash and password salt in separate columns, and that is the most common way to do it.
The basic method for authentication should go something like this:
Retrieve user_id and password_salt using user supplied username or email
Concat user supplied password input with retrieved salt
Use hashing algorithm on combined string
Check created hash against the hash in the database

MD5 password decryption [duplicate]

This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
Is it possible to decrypt md5 hashes?
Reversing an MD5 Hash
hi there is any way to decrypt md5 password field to allow user to edit password in form using javascript. or php.

MD5 is one way hashing algorithm - not a means of encrypting. As such, there's no means of decrypting it - only checking to see if another source input has the same hash.

No, there is no way, since hashing is not a reversible operation.

Your question is not very clear, but recovery of the origional string for hashes can be done with rainbowtables: http://en.wikipedia.org/wiki/Rainbow_table
(if the hash was salted, this will become troublesome ofcourse)

I wrote an app a few years back that brute-forces MD5 hashes against wordlists and previously-cracked MD5 hashes it finds via search engines, see if it comes up with anything for you:
http://bigtrapeze.com/md5/