• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 732
  • Last Modified:

How to Decrypt the password using php

hi,

I had 2 fields in my database table named  password and  password_salt.The field password had d5c673c787001acd21a550645242a741 value  and password_salt had BH3 using these two values how  i decrypt the password.

thanks
0
whspider
Asked:
whspider
  • 2
  • 2
  • 2
  • +5
5 Solutions
 
Beverley PortlockCommented:
It depends how you encrypted it.

If that password is the result of an MD5 operation then you cannot decrypt it. MD5's are one-way only.  The idea is that if someone enters a password then you MD5 the entered version and compare it to the stored one. If they are the same the the password entered was valid.

0
 
whspiderAuthor Commented:
thanks for your replay . i know that but the issue is that they are not using the MD5 method

 for example:

Tthe original password is ramani this name is encrypted and stored in the database  like dc49a7cc03ee39b6f5ae8c43510f8284 now i had the original password and encrypted value .I  just need what technics they used to encrypt the password.
0
 
iGottZFrontend EngineerCommented:
MD5 = Hash
you can create hashes of everything. even files. so how will you get out of 32 letters and numbers a whole file back?
passwords can also be long. there is no limit when using md5.

you simply cannot say what this hash is made from. actually thats what hashes are made for.

you could bruteforce it but thats stupid if the password is long and you dont got a good cpu cluster or gpu to do this job.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
hernst42Commented:
They are using md5 and combining the salt with the password to generate the md5 hash. So rainbowtables does not work to recovert the password (cause of the salt). So it is not possible to reover the original password.
0
 
Beverley PortlockCommented:
"thanks for your replay . i know that but the issue is that they are not using the MD5 method"

It's 32 characters long and contains only hexadecimal data. It looks like an MD5 to me. If it is not an MD5 then what is it? If you cannot tell us then we cannot help.

Even knowing the starting password and the salt won't help. Look at this script which uses the salt, password and known result.

<?php

$p = "ramani";
$salt = "BH3";

$test = "dc49a7cc03ee39b6f5ae8c43510f8284";

$r = md5( $p );
echo "$r<br/>$test " . ($r == $test ) . "<br/><br/>";

$r = md5( $salt . $p );
echo "$r<br/>$test " . ($r == $test ) . "<br/><br/>";

$r = md5( $p . $salt );
echo "$r<br/>$test " . ($r == $test ) . "<br/><br/>";

$r = md5( $salt . $p . $salt );
echo "$r<br/>$test " . ($r == $test ) . "<br/><br/>";

$r = md5(  $p . $salt . $p );
echo "$r<br/>$test " . ($r == $test ) . "<br/><br/>";

$r = md5(  $p . $salt . $p . $salt );
echo "$r<br/>$test " . ($r == $test ) . "<br/><br/>";

Open in new window


Results (none of which match)

6b4995a929e2936ae07a4c0792385a93
dc49a7cc03ee39b6f5ae8c43510f8284

47ccfa48a11b64e54b8c60baa6aeff11
dc49a7cc03ee39b6f5ae8c43510f8284

e1acd78ee7adbc62d9806ce6bfcaaab0
dc49a7cc03ee39b6f5ae8c43510f8284

a248f99bc35ebcab0bcb07ede7a46f2d
dc49a7cc03ee39b6f5ae8c43510f8284

76c3f2177c2a6d4eaea56a708f7a64fa
dc49a7cc03ee39b6f5ae8c43510f8284

78f981b5a53196a081af0f2f04c80ef4
dc49a7cc03ee39b6f5ae8c43510f8284

Open in new window


So using known starting values I still cannot generate the hash because I do not know how these values were combined.
0
 
Ray PaseurCommented:
A 32-character hexadecimal string is the signature of the md5() hash.  You can learn a little more about md5() by reading the online man pages.
http://us2.php.net/manual/en/function.md5.php

6b4995a929e2936ae07a4c0792385a93 is the md5() for "ramani"
362056820372309574a94e4d0c106339 is the md5() for "Ramani"
47ccfa48a11b64e54b8c60baa6aeff11 is the md5() for "BH3ramani"
e1acd78ee7adbc62d9806ce6bfcaaab0 is the md5() for "ramaniBH3"
6b58743532453f5adafe307665863968 is the md5() for "BH3 ramani"

etc.  You will be spending a very long time trying to decode these md5() strings back into passwords.  Perhaps you can tell us why you would want to do this?  It's a very unusual request, trying to reverse an md5() string, since the intent of using the md5() string is to obscure the data permanently and most computer scientists understand this.  What is the purpose of this exercise, in plain language?



0
 
kumaranmcaCommented:
Cannot decrypt the MD5 values. Only overwrite the old password. use base64_encode and base64_decode functions. It might be helpful for you...
0
 
Ray PaseurCommented:
base64_encode is not needed with MD5() - the md5() function does not create information that needs to be encoded.
0
 
jrm213jrm213Commented:
Also just because it says it is the password and salt in those database fields it doesn't mean it is. Paranoid people do paranoid things like putting fake data in fields that say password and salt. If you have the code where they are doing the password comparisons then you should know what the encryption method is, so if you are sure it isn't MD5 then what do you know it is?
0
 
iGottZFrontend EngineerCommented:
as i said earlyer:

its technicaly impossible to decrypt an md5 hash. since decryption would require an encrypted string.

md5 is hashing not encryption.

a hash usualy has always the same length. if it doesnt it lacks of security.

you can easily put a 20000000000 char password into a 32 char md5 hash. this is technicaly possible.
but you cannot get 20000000000 chars out of 32 chars.

if you bruteforce this example you will find a string with less then 33 chars that also creates the same hash


i will say it again:

your goal that you want to achieve is technicaly impossible.
0
 
whspiderAuthor Commented:
ok
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now