to de-encrypt from the text generate by bin2hex? [duplicate] - php

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
PHP 2-way encryption: I need to store passwords that can be retrieved
I am working with encrypt the password:
php> echo bin2hex(mhash(MHASH_SHA1,'test'));
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
My question is if I have a94a8fe5ccb19ba61c4c0873d391e987982fbbd3 How Can I get back the test.
Are the function to de-encrypt?

your have to understand the diff between a hash function an encryption.
Hashes are one way. You can't convert back. Checking passwords on login usually works by hashing the password from login, too and then just check if hashes are the same.

Using SHA1 it is easy to convert some text into a hash, but going the other way is very, very time consuming, which is one reason why it's good to use for encryption, and in your example passwords.
You may have some luck with this site -
http://www.md5decrypter.co.uk/sha1-decrypt.aspx
It has a list of common hashes and your example 'test' was easily found.

Why do you want to decode the hash output? You can check the password by hash, instead of trying to decode it. By the way, you can't decode a hash, because it loses information when it gets coded. if you want to encrypt/decrypt you should use MCrypt or another encryption class

Related

how to decrypt md5 password in php? [duplicate]

This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 3 years ago.
i am creating one admin panel for my app but the main problem is that when i am displaying password to admin in plain text then it will creates problem ??
i have stored my password in md5 format in php ? how can i able to decrypt that code in plain text in php ?
i have tried several times with every possibilities, but i haven's find any right answer yet now ?
$string ="hello";
$password= md5 ($string);
i expect plain text password which is reverse of encryption, that is decryption
In Theory no you can't. MD5 is ONE WAY hash algorithm. The original string is (lost) throught transformations. The sequrity of MD5 is compromised but you can not "decrypt or reverse" it. You can use a Rainbow Tables and try to find a match. Why you want to see User Password in clear text? The reason of hashing (encryption but without decryption key) is to protect privacy by turning personal information into “for your eyes only”, it's meens only User shoud be know the Password.
Md5 is a hash algorithm, sometimes incorrectly referred to as “one way encryption”. There is no way to get the original string back.
Also, why would you like to show the password in plain text? That can be a serious security issue. The purpose of hashing is to make sure the user writes the same password every time without anyone else knowing what the password is.

Comparing two encrypted string with blowfish - php [duplicate]

This question already has answers here:
PHP Crypt() Compare two crypted strings
(5 answers)
Closed 8 years ago.
I generated an encrypted string with using blowfish encryption function (crypt()) in php and stored it in database. How can I check correctness of submitted password then?
For eg. during registration, I defined my pass as "1234" and then generated a random key and then my blowfish encrypted password something like "$2a$08$xPIviMLmVMHLQdzb$$$$$.OdQVKDPJeK4KIcdqnngIgv41lILjKR." So, when user comes back, how can I check correctness of his/her password? Is there any comparing function of two encrypted string from the same base password or another efficient way? Thanks in advance.
Simply pass the user input from the form into the crypt function, with the hash in the database.
For example:
<?php
if (crypt($passwordFromPost, $hashedPasswordInDb) == $hashedPasswordInDb)
{
// User has been authenticated
}
Passwords are usually not encrypted but hashed. It is not possible to regenerate the original password from a hash.
To find out more about password hashing in PHP the manual is a good starting point PHP manual

Salt / Hash in PHP vs in Database [duplicate]

This question already has answers here:
Secure hash and salt for PHP passwords
(14 answers)
Closed 8 years ago.
Is there an advantage as to where password hash and salt occurs, in PHP vs in a database? It seems having the process occur inside of a database would be the optimal solution; since the web server and the database would only have to exchange the password and not the salt.
It's okay to store the salt in the database. It's an advantage to do so, because you want to use a different random salt per user.
I recommend doing the hashing in the application.
The reason is that if you do the hashing in an SQL expression, and you use query logging on the database server, you might be storing plaintext samples of the user passwords in the query log.
If you're using something better than a simple hash + salt, like PBKDF2, you're going to have to involve PHP at this point AFAIK. So in terms of best location, for me, the best location is in the code because that's where you can do the "best" method of password hashing.

Is md5 decryption possible? [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Is it possible to decrypt md5 hashes?
I accidentally encrypted some data with the md5 encryption. I need to recover it. How can I decrypt the md5 encrypted data?
md5 is a hashing technique. You cannot decrypt it back.Hashing means, once you are converted it to a encrypted code, you cannot go back! But you can still compare the md5 encrypted value with the another md5 encrypted value to check matches (mostly in the case of password verification and all!)
No, it's not possible in general. MD5 is not an encryption algorithm. Multiple strings map to the same hash. It's impossible to know which of these strings is the "correct" one.
You can however try to use an online database to find a string that gives the correct hash:
Reverse MD5 hash lookup
It cannot be done. But perhaps some reverse-MD5 indexes have your data, coincidentally. Try this:
http://md5.gromweb.com/
Brute force. Not ideal but if you have a general idea of what the string might be, it could work.

MD5 password decryption [duplicate]

This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
Is it possible to decrypt md5 hashes?
Reversing an MD5 Hash
hi there is any way to decrypt md5 password field to allow user to edit password in form using javascript. or php.
MD5 is one way hashing algorithm - not a means of encrypting. As such, there's no means of decrypting it - only checking to see if another source input has the same hash.
No, there is no way, since hashing is not a reversible operation.
Your question is not very clear, but recovery of the origional string for hashes can be done with rainbowtables: http://en.wikipedia.org/wiki/Rainbow_table
(if the hash was salted, this will become troublesome ofcourse)
I wrote an app a few years back that brute-forces MD5 hashes against wordlists and previously-cracked MD5 hashes it finds via search engines, see if it comes up with anything for you:
http://bigtrapeze.com/md5/

Categories