Solved

decrypt md5 query

Posted on 2011-09-19
9
1,123 Views
Last Modified: 2013-11-13
I have an ecrypted password stored in mysql as:

               14e00514453e607339e844af173ec3b4

I know the password is 'meant to be 'camel4zoo' but the user canot login. I also know the salt string that is applied to get the above md5 hash. How can I find out what the password is and if there is some sort of error in the encrypt function being used by teh system (moodle).

Thanks

Thanks
0
Comment
Question by:Needy11
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 8

Expert Comment

by:raulggonzalez
ID: 36559515
Hi, maybe you're doing it already but just in case...

if you keep the password encrypted in DB, you must encrypt the input password to compare it with the stored one.

so whatever the user types as pass, you have to do md5 of it to compare md5(typed) = stored

Hope it helps.

cheers
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559845
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559847
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 50 total points
ID: 36560845
You cannot decrypt an MD5 because it is not an encryption - it is a digest number and it is ALWAYS 32 characters in size no matter what you feed in to it.

All you can do is feed your password into an MD5 function and see if the digest produced is the same is the one you have stored (as mentioned by rualgonalez above). Be careful with uppercase / lowercase issues and ensure that your strings contain no leading or trailing spaces (see http://www.php.net/trim for more info).

Finally, not all MD5 functions rteurn the same answer, so if the stored one was created with the MySQL MD5() function then use that rather than PHPs md5() to generate the one you wish to test. Make sure your salt string is EXACTLY the same and in the same sequence as the one you are testing against.
0
 

Author Comment

by:Needy11
ID: 36561283
Thanks for this. Is there any online app I can use to feed the salt string and md5 to verify outputs? I'm not really a developer.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 36561558
Not really. It is a small piece of PHP or PHP/MySQL that would not be worth writing an 'app' for. For instance this sort of scenario is typical


$password = trim( .... some input or other );
$rs = mysql_query("select * from myTable where username='$username' and password=MD5('$password') ");

if ( mysql_num_rows($rs) > 0 ) {
    .. passwords matched
}
0
 
LVL 25

Accepted Solution

by:
lenamtl earned 150 total points
ID: 36564247
Hi,
The user can use the 'Send my details via email' button on the login page.

salt and md5 infos are set in config.php

More info on Moodle - password salting
http://docs.moodle.org/19/en/Password_salting

You can try http://moodlesite/passchange.php 
Sometimes after update pw may not work correctly so maybe this is why it's not working anymore.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 36595300
You can feed strings to the md5() function on my server, here:
http://www.laprbass.com/RAY_md5.php

http://www.laprbass.com/RAY_md5.php?s=camel4zoo yields a0ab41837796d1c22156ff7f25664d3a.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 50 total points
ID: 36595307
Sorry - I meant to post the script, too.

HTH, ~Ray
<?php // RAY_md5.php
echo "<pre>" . PHP_EOL;

if (!empty($_GET["s"]))
{
    $l = strlen($_GET["s"]) + 5;
    $r = substr("     1...5...10...15...20...25...30...35...40...45...50...55...60...65...70...75...80...85...90...95..100...", 0, $l);
    echo $r . PHP_EOL;
    echo "md5(\"{$_GET["s"]}\") = " . md5($_GET["s"]) . PHP_EOL;
}
?>
<form>ENTER SOMETHING:
<input name="s">
<input type="submit">
</form>

Open in new window

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question