Solved

Decrypt md5

Posted on 2004-08-02
3
16,884 Views
Last Modified: 2013-12-12
Hello,

I am currently using the following MD5 function to store credit card numbers into a database:
---------------------------------------------------------------------------------
 function get_rnd_iv($iv_len)
 {
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
 }

 function md5_encrypt($plain_text, $password, $iv_len = 16)
 {
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
 }

 function md5_decrypt($enc_text, $password, $iv_len = 16)
 {
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
---------------------------------------------------------------------------------
Then I do this:
$cc_number = $_POST['sltCreditCard'];
$cc_number = md5($cc_number);
---------------------------------------------------------------------------------
and then in my SQL string I insert the $cc_number.
---------------------------------------------------------------------------------

Now, I want to run an internal monthly report.  How can I write a SQL statement that will decrypt the Credit Card number and show the actual number.

Is this possible?

Thanks.
0
Comment
Question by:rudyflyer
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Diablo84 earned 125 total points
ID: 11693881
hi rudyflyer,

The short answer is no.

an md5 hashed string cannot be decrypted im afraid.

you can only compare encrypted strings to the hash but an md5 string cannot be decrypted.

you may wish to use an alternative method of encryption that can be decrypted such as base 64

encode: http://www.php.net/manual/en/function.base64-encode.php
decode: http://www.php.net/manual/en/function.base64-decode.php

0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11693914
Most encyption methods with php, with the exception of base64, is a one way process

Once encrypted it is not intended to be decrypted that way the data is very secure
0
 

Expert Comment

by:markbancks
ID: 22356687
Just for reference on MD5 and SHA are now NOT considered secure because of the possibility of 2 samples having the same hash and also reverse lookup tables and the freely available software to generate them.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
php ssh2_scp_send 1 48
phpmailer in WHILE loop - weird results 10 27
What is the best PDF generator to use? 1 28
updating the date data 12 21
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now