Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

decrypt md5 query

Posted on 2011-09-19
9
1,141 Views
Last Modified: 2013-11-13
I have an ecrypted password stored in mysql as:

               14e00514453e607339e844af173ec3b4

I know the password is 'meant to be 'camel4zoo' but the user canot login. I also know the salt string that is applied to get the above md5 hash. How can I find out what the password is and if there is some sort of error in the encrypt function being used by teh system (moodle).

Thanks

Thanks
0
Comment
Question by:Needy11
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 8

Expert Comment

by:raulggonzalez
ID: 36559515
Hi, maybe you're doing it already but just in case...

if you keep the password encrypted in DB, you must encrypt the input password to compare it with the stored one.

so whatever the user types as pass, you have to do md5 of it to compare md5(typed) = stored

Hope it helps.

cheers
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559845
0
 
LVL 14

Expert Comment

by:nishant joshi
ID: 36559847
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 50 total points
ID: 36560845
You cannot decrypt an MD5 because it is not an encryption - it is a digest number and it is ALWAYS 32 characters in size no matter what you feed in to it.

All you can do is feed your password into an MD5 function and see if the digest produced is the same is the one you have stored (as mentioned by rualgonalez above). Be careful with uppercase / lowercase issues and ensure that your strings contain no leading or trailing spaces (see http://www.php.net/trim for more info).

Finally, not all MD5 functions rteurn the same answer, so if the stored one was created with the MySQL MD5() function then use that rather than PHPs md5() to generate the one you wish to test. Make sure your salt string is EXACTLY the same and in the same sequence as the one you are testing against.
0
 

Author Comment

by:Needy11
ID: 36561283
Thanks for this. Is there any online app I can use to feed the salt string and md5 to verify outputs? I'm not really a developer.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 36561558
Not really. It is a small piece of PHP or PHP/MySQL that would not be worth writing an 'app' for. For instance this sort of scenario is typical


$password = trim( .... some input or other );
$rs = mysql_query("select * from myTable where username='$username' and password=MD5('$password') ");

if ( mysql_num_rows($rs) > 0 ) {
    .. passwords matched
}
0
 
LVL 25

Accepted Solution

by:
lenamtl earned 150 total points
ID: 36564247
Hi,
The user can use the 'Send my details via email' button on the login page.

salt and md5 infos are set in config.php

More info on Moodle - password salting
http://docs.moodle.org/19/en/Password_salting

You can try http://moodlesite/passchange.php 
Sometimes after update pw may not work correctly so maybe this is why it's not working anymore.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 36595300
You can feed strings to the md5() function on my server, here:
http://www.laprbass.com/RAY_md5.php

http://www.laprbass.com/RAY_md5.php?s=camel4zoo yields a0ab41837796d1c22156ff7f25664d3a.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 50 total points
ID: 36595307
Sorry - I meant to post the script, too.

HTH, ~Ray
<?php // RAY_md5.php
echo "<pre>" . PHP_EOL;

if (!empty($_GET["s"]))
{
    $l = strlen($_GET["s"]) + 5;
    $r = substr("     1...5...10...15...20...25...30...35...40...45...50...55...60...65...70...75...80...85...90...95..100...", 0, $l);
    echo $r . PHP_EOL;
    echo "md5(\"{$_GET["s"]}\") = " . md5($_GET["s"]) . PHP_EOL;
}
?>
<form>ENTER SOMETHING:
<input name="s">
<input type="submit">
</form>

Open in new window

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question