Solved

# Decrypt md5

Posted on 2004-08-02
16,880 Views
Hello,

I am currently using the following MD5 function to store credit card numbers into a database:
---------------------------------------------------------------------------------
function get_rnd_iv(\$iv_len)
{
\$iv = '';
while (\$iv_len-- > 0) {
\$iv .= chr(mt_rand() & 0xff);
}
return \$iv;
}

function md5_encrypt(\$plain_text, \$password, \$iv_len = 16)
{
\$plain_text .= "\x13";
\$n = strlen(\$plain_text);
if (\$n % 16) \$plain_text .= str_repeat("\0", 16 - (\$n % 16));
\$i = 0;
\$enc_text = get_rnd_iv(\$iv_len);
\$iv = substr(\$password ^ \$enc_text, 0, 512);
while (\$i < \$n) {
\$block = substr(\$plain_text, \$i, 16) ^ pack('H*', md5(\$iv));
\$enc_text .= \$block;
\$iv = substr(\$block . \$iv, 0, 512) ^ \$password;
\$i += 16;
}
return base64_encode(\$enc_text);
}

function md5_decrypt(\$enc_text, \$password, \$iv_len = 16)
{
\$enc_text = base64_decode(\$enc_text);
\$n = strlen(\$enc_text);
\$i = \$iv_len;
\$plain_text = '';
\$iv = substr(\$password ^ substr(\$enc_text, 0, \$iv_len), 0, 512);
while (\$i < \$n) {
\$block = substr(\$enc_text, \$i, 16);
\$plain_text .= \$block ^ pack('H*', md5(\$iv));
\$iv = substr(\$block . \$iv, 0, 512) ^ \$password;
\$i += 16;
}
return preg_replace('/\\x13\\x00*\$/', '', \$plain_text);
}
---------------------------------------------------------------------------------
Then I do this:
\$cc_number = \$_POST['sltCreditCard'];
\$cc_number = md5(\$cc_number);
---------------------------------------------------------------------------------
and then in my SQL string I insert the \$cc_number.
---------------------------------------------------------------------------------

Now, I want to run an internal monthly report.  How can I write a SQL statement that will decrypt the Credit Card number and show the actual number.

Is this possible?

Thanks.
0
Question by:rudyflyer
• 2

LVL 27

Accepted Solution

Diablo84 earned 125 total points
ID: 11693881
hi rudyflyer,

an md5 hashed string cannot be decrypted im afraid.

you can only compare encrypted strings to the hash but an md5 string cannot be decrypted.

you may wish to use an alternative method of encryption that can be decrypted such as base 64

encode: http://www.php.net/manual/en/function.base64-encode.php
decode: http://www.php.net/manual/en/function.base64-decode.php

0

LVL 27

Expert Comment

ID: 11693914
Most encyption methods with php, with the exception of base64, is a one way process

Once encrypted it is not intended to be decrypted that way the data is very secure
0

Expert Comment

ID: 22356687
Just for reference on MD5 and SHA are now NOT considered secure because of the possibility of 2 samples having the same hash and also reverse lookup tables and the freely available software to generate them.
0

## Featured Post

Introduction Many web sites contain image galleries; a common design for these galleries includes a page with a collection of thumbnail images.  You can click on each of the thumbnail images to see the larger version of the image.  This is easily i…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.