Is it Possible ????????

[ashii]

heloa guyz.

i just thought of saving the user's password in an encrypted format. so earlier i thought of using md5 to encrypt, but according to my research i prefer that it is insecure(Hackable) so i founded something called salt #ing  where we make the data more secured by using some PHP Buid-In Functions such as

 

substr();
sha1();
md5();
uniqid();
rand(); 

 

but ma salt was sumthin lyk diz

 

$pass=$_POST['txtpassword'];

$salthash = substr(sha1(md5($pass), true), 0);

 

and my INSERT INTO statement is

 

mysql_query("INSERT INTO user_login(password)
			VALUES
				 ('".$salthash."')

No probz it works perfectly.....

 

when i check the password in the database when the user tries to login its not giving me any error bcoz itz also workin accurately whch is sumthin lyk dis

  	if ($salthash == $row['password']) 
              {
                  echo 'ur logged in';
                
               }
                 else
                  {
                    echo 'Login Failed';
                  }

 

so no problem at all in saving a password and checkin a password.......

now my question is, is it possible to decrypt my password ??

 

Example I save a password called 'pass123'

it encrypts the password and saves it in the DB....

so again if i want to view my original password, i mean the 'pass123'....

what is the process that i should take over......

 

also is this the only way to encrypt a password....???

 

do we have any other way to encrypt and decrypt ..

if so plz type the scrypt below..

it would be a gr8 help.....

 

Thanking u all in advance

 

??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ???

[Ken2k7]

I suggest Google. Hashing is not the same as encrypting. You can't decrypt it.

 

Here's a similar topic - http://www.phpfreaks.com/forums/index.php/topic,254277.0.html

[akitchin]

IT IS NOT POSSIBLE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

as ken2k7 says, the only way to determine the original password is by finding something that hashes to the same value, and even then you're not guaranteed that it is the same string (in the case that there are hash collisions).

 

for the record, your use of substr() is entirely pointless in that code.

[kickstart]

Hi

 

No way to decript it because several different passwords could give the same hash.

 

With passwords if someone is hacking away then they quite possibly don't care what the original password is, as long as they have something that when hashed matches the original password.

 

All the best

 

Keith

[ashii]

K

is hashing is the only way to secure the password cant we use

eg: base64_encode
base64_decode

but i dont know how far this is secure and will it be possible for passwords or not???

 

[Ken2k7]

For what it's worth, you can do whatever you want. We're just saying it like it is. It really depends on what you mean by secure. If you mean secure as in impossible to hack or break, then I don't know of any method. If you mean really hard to near impossible to hack or break, then hashing is preferred. Ultimately, your site, your decision.

[waynewex]

Look, just do this:

 

$password = $_POST['password'];
$salt = "djhRANDOMLOL6s7!<(shYUns019kshey<sh!£hdIUOshQ";
$password = sha1($salt.$password.$salt);
//$password is now computationally secure

 

[ashii]

Thank u very Much Guyz .. I got it Done.....!!!

[Ken2k7]

Look, just do this:

 

$password = $_POST['password'];
$salt = "djhRANDOMLOL6s7!<(shYUns019kshey<sh!£hdIUOshQ";
$password = sha1($salt.$password.$salt);
//$password is now computationally secure

Wait... computationally secure? What in the world does that mean?