Anyway of Decrypting a md5 Password? Forgot PW Form - HELP

[oliverj777]

Hello,

 

My user login script saves their passwords into my SQL in a md5 encryption.

 

I am currently working on a 'forgot password' that sends the password to their email.

 

The code that pulls out the password is this:

 

echo $req_user_info['pass'];

 

Now is there a way to decrypt the 'pass' (currently nothing is displayed - not even the encryption code)

 

Please help - Ollie

[wildteen88]

No, md5 cannot be decrypted. What you should do instead is reset their current password with a new one, which will contain a bunch of random letters/numbers etc. They then use this new password to login to their account.

[oliverj777]

Okay -

 

Is there a way to find out how many characters the password has? (for a different purpose) -- I would like to display their password on a 'manage user page' like so: ***** - so I would only be retrieving a character count, and using that figure to place the ** accordingly??

 

Cheers

 

[PFMaBiSmAd]

LOL, since md5() isn't encryption, there is no way to decrypt it. It is a one-way hash (checksum.)

[oliverj777]

Humm, okay.

 

What would be the code for counting ($count) how many characters their are in a text field then?

 

-- then to echo it...

 

This is what I want ...

 

$word = "hello"

 

$count = How many characters in $word.

 

echo $count

 

 

 

[MadTechie]

Don't display the password length either.. that also reduces the security !

just have the * as 8 chars no matter of the length

[fortnox007]

You cant md5 is a one way only hash that results in a hash with the same length for anything.

If you have access to the database (which i assume you have, otherwise how do you know the hashed pwd?  )

In that case hash a new pwd and put it directly in the row of your database. You cant decrypt it. thats the whole idea.

Google for rainbowtable md5 cracking if you wanna try it anyways.