MD5 help

[R1der]

ok i got a forgot password page what it does is thay type in there username and then it emails them there password.

but the password is md5 in the database can you help me make it so it send them there password decrypted?

[code$body = "Hello {$b['username']}! Your password for www.********.com is {$b['userpass']}. If you have any other problems please mail *****@********.com";
[/code

This si the part that needs help this part of the code is the body of the email you get with there password in it

Thx

[taith]

no. there is no way (as of yet) to decrypt md5()

[R1der]

Ah damn!


Thx anyways for the reply

[ToonMariner]

there never will be a decryption of md5 - if there is then md5 will no longer be an acceptable encryption algoritm.

What R1er is looking for is the two encrytpion offered by the mcrypt library

[taith]

lol... theres dozens of encriptions out there that have already cracked... its only a matter of time before md5() joins the ranks... it'll probably be a long long time... but its not impossible...

[R1der]

Ok stop confusing me lol

Can this be done or not? :P

[taith]

no. not at the moment lol... and dont expect it for a long while... lol

[R1der]

lol kk,

Can anyone suggest another way i can do this?

i want away my users can get there password if thay forget it.

[ted_chou12]

the only suggestion i have for you is to email them a new set of password, that would be the easiest way, or else you would have to change your password encrypt system, to something like rot13 or something...
Ted

btw, if you want a random pass. generate script, i have one...

[taith]

that does seem to be the easiest way of doing it... us a randomkeygen like...

[code]
function randomkeys($length){
$pattern = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0;$i<$length;$i++) $key .= $pattern{rand(0,62)};
return $key;
}
[/code]

set that generated key to the database, and email it to them, and allow them to change it on the page...

[Accurax]

[quote author=ToonMariner link=topic=121929.msg502193#msg502193 date=1168520577]
there never will be a decryption of md5 - if there is then md5 will no longer be an acceptable encryption algoritm.

What R1er is looking for is the two encrytpion offered by the mcrypt library
[/quote]

You could write a massive scriptto pass the MD5 through a program like Cain & Abel ... but i wouldnt bother tbh

[Accurax]

[quote author=taith link=topic=121929.msg502203#msg502203 date=1168521497]
no. not at the moment lol... and dont expect it for a long while... lol
[/quote]

MD5 is easy to crack... if you have the hash ... so is SHA1 for that matter

[Accurax]

There are several free standing programs that can crack MD5 and SHA 1 .. Cain and abel is one, The other is jack the ripper or something like that.

Whilst incorporating these programs into a php script is not really feasable... the simple fact that these programs contain algorithms capable of cracking md5 hash's means that it should at least be theoretically possible to do what your asking.

That said I wouldnt like to try it myself.

[emehrkay]

md5 has been hacked, move to sha1

anyway, on your resend password page. change it to reset password and generate a password email it to them and md5 it to the database