[SOLVED] unhash md5

[dadamssg]

I used a prewritten script for my login and now im tearing it apart and putting it back together to understand but the script enters the password in md5, which i like, but i want to know how to unhash incase the user forgets their password and i need to email it back to them. thanks

[graham23s]

Hi Mate,

 

as far as i know you can't unhash the md5, what you need to do is generate the user a random password, then let them change it themselves when they log in

 

Graham

[Mchl]

as far as i know you can't unhash the md5, what you need to do is generate the user a random password, then let them change it themselves when they log in

 

Graham

 

Correct

[dadamssg]

oh ok awesome. thank you gentlemen

[uniflare]

You cannot "unhash" an md5 string. if it is just a simple md5(password) and not a md5(time().password) then you can use an md5 cracker.

 

Basically md5 is only 32 chars long, which means 32¹⁶ possible strings (32 characters, each one of them has 16 possible values, 0-9a-f, whereas if u take a file which could be a million characters long, then there could be 1,000,000¹⁶ possible changes.

 

These dont add up, and so, ou dont need to know the exact password to get the same md5 hash.

 

As graham said, you could use a "secret question and answer" to change the password, OR, provide a link to a page where the can enter a key (which u email), and a new password, or just reset the password and email them the new one.

 

PS - i absolutely despise random password generators. and so do a lot of people surfin the web, i wanna use my password! lol