?
Solved

Decrypt md5

Posted on 2004-08-02
3
Medium Priority
?
16,901 Views
Last Modified: 2013-12-12
Hello,

I am currently using the following MD5 function to store credit card numbers into a database:
---------------------------------------------------------------------------------
 function get_rnd_iv($iv_len)
 {
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
 }

 function md5_encrypt($plain_text, $password, $iv_len = 16)
 {
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
 }

 function md5_decrypt($enc_text, $password, $iv_len = 16)
 {
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
---------------------------------------------------------------------------------
Then I do this:
$cc_number = $_POST['sltCreditCard'];
$cc_number = md5($cc_number);
---------------------------------------------------------------------------------
and then in my SQL string I insert the $cc_number.
---------------------------------------------------------------------------------

Now, I want to run an internal monthly report.  How can I write a SQL statement that will decrypt the Credit Card number and show the actual number.

Is this possible?

Thanks.
0
Comment
Question by:rudyflyer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Diablo84 earned 500 total points
ID: 11693881
hi rudyflyer,

The short answer is no.

an md5 hashed string cannot be decrypted im afraid.

you can only compare encrypted strings to the hash but an md5 string cannot be decrypted.

you may wish to use an alternative method of encryption that can be decrypted such as base 64

encode: http://www.php.net/manual/en/function.base64-encode.php
decode: http://www.php.net/manual/en/function.base64-decode.php

0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11693914
Most encyption methods with php, with the exception of base64, is a one way process

Once encrypted it is not intended to be decrypted that way the data is very secure
0
 

Expert Comment

by:markbancks
ID: 22356687
Just for reference on MD5 and SHA are now NOT considered secure because of the possibility of 2 samples having the same hash and also reverse lookup tables and the freely available software to generate them.
0

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question