Jump to content


md5 not being decrypted(ever)

  • Please log in to reply
1 reply to this topic

#1 Ninjakreborn

  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 19 October 2006 - 08:11 PM

My question is not whether or not md5 can be decrypted, because I know it's the answer no.
BUt what I instead want to ask.

Based on knowing the algorith behind md5.
If you put in a word, using
whatever is in the variable will be the exact same everytime you md5 it.
Then if you use 2 vague variables like
the hash's turn out totally different, almost at random, but still, if you rehash the things again, then it comes out the same.

So it seems the algorithm isn't based on how many letter's are in the word(s), or what letter is before what alphabetically, but I don't see(using php), why someone couldn't decrypt it if they could discover how it works.
Just a thought, now a question

With md5, I have started thinking about double(triple) hashing, but it might be a waste of time.
But I was thinking, if you have a password
$password = "dave";
$password = md5($dave);
$password = md5($password);
$password = md5$password);
As you can see you hash the password dave 3 times.
I was thinking then when someone log's in to test for the hash like this
$password = "dave";
$password = md5($dave);
$password = md5($password);
$password = md5$password);
$userpassword = $_POST['password']; // This is what they entered in the form)
if (md5(md5(md5($_POST['password']))) == $password) {
// correct password
}else {
// incorrect password
won't this be the same as only doing it once, just more secure?


Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.

#2 craygo

  • Staff Alumni
  • Advanced Member
  • 1,973 posts
  • LocationRhode Island

Posted 19 October 2006 - 08:18 PM

Well if you are storing it in the database as a triple md5 hash then you would not need to hash it again, Just hash the POST['password'] 3 times and compare them. And yes It would be the same. Just don't know how secure it would be, unless like you said someone broke the md5 hash.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users