Solved

Decrypt md5

Posted on 2004-08-02
3
16,886 Views
Last Modified: 2013-12-12
Hello,

I am currently using the following MD5 function to store credit card numbers into a database:
---------------------------------------------------------------------------------
 function get_rnd_iv($iv_len)
 {
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
 }

 function md5_encrypt($plain_text, $password, $iv_len = 16)
 {
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
 }

 function md5_decrypt($enc_text, $password, $iv_len = 16)
 {
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
---------------------------------------------------------------------------------
Then I do this:
$cc_number = $_POST['sltCreditCard'];
$cc_number = md5($cc_number);
---------------------------------------------------------------------------------
and then in my SQL string I insert the $cc_number.
---------------------------------------------------------------------------------

Now, I want to run an internal monthly report.  How can I write a SQL statement that will decrypt the Credit Card number and show the actual number.

Is this possible?

Thanks.
0
Comment
Question by:rudyflyer
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Diablo84 earned 125 total points
ID: 11693881
hi rudyflyer,

The short answer is no.

an md5 hashed string cannot be decrypted im afraid.

you can only compare encrypted strings to the hash but an md5 string cannot be decrypted.

you may wish to use an alternative method of encryption that can be decrypted such as base 64

encode: http://www.php.net/manual/en/function.base64-encode.php
decode: http://www.php.net/manual/en/function.base64-decode.php

0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11693914
Most encyption methods with php, with the exception of base64, is a one way process

Once encrypted it is not intended to be decrypted that way the data is very secure
0
 

Expert Comment

by:markbancks
ID: 22356687
Just for reference on MD5 and SHA are now NOT considered secure because of the possibility of 2 samples having the same hash and also reverse lookup tables and the freely available software to generate them.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
tutorial for ebay api 3 32
editing example file and creating an accessible same directory error log txt file 2 25
ignore other .htaccess 2 43
PHP curl issue VERBOSE output 18 34
This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now