Solved

Decrypt md5

Posted on 2004-08-02
3
16,895 Views
Last Modified: 2013-12-12
Hello,

I am currently using the following MD5 function to store credit card numbers into a database:
---------------------------------------------------------------------------------
 function get_rnd_iv($iv_len)
 {
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
 }

 function md5_encrypt($plain_text, $password, $iv_len = 16)
 {
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
 }

 function md5_decrypt($enc_text, $password, $iv_len = 16)
 {
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
---------------------------------------------------------------------------------
Then I do this:
$cc_number = $_POST['sltCreditCard'];
$cc_number = md5($cc_number);
---------------------------------------------------------------------------------
and then in my SQL string I insert the $cc_number.
---------------------------------------------------------------------------------

Now, I want to run an internal monthly report.  How can I write a SQL statement that will decrypt the Credit Card number and show the actual number.

Is this possible?

Thanks.
0
Comment
Question by:rudyflyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Diablo84 earned 125 total points
ID: 11693881
hi rudyflyer,

The short answer is no.

an md5 hashed string cannot be decrypted im afraid.

you can only compare encrypted strings to the hash but an md5 string cannot be decrypted.

you may wish to use an alternative method of encryption that can be decrypted such as base 64

encode: http://www.php.net/manual/en/function.base64-encode.php
decode: http://www.php.net/manual/en/function.base64-decode.php

0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11693914
Most encyption methods with php, with the exception of base64, is a one way process

Once encrypted it is not intended to be decrypted that way the data is very secure
0
 

Expert Comment

by:markbancks
ID: 22356687
Just for reference on MD5 and SHA are now NOT considered secure because of the possibility of 2 samples having the same hash and also reverse lookup tables and the freely available software to generate them.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AJAX, If No returns don't let the AJAX Call run again 2 36
How Close unsubmited attempts 10 47
Put POST values into cookies. 14 35
How do I speed up this PDO query 4 15
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo‚Ķ
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question