un md5ing

[makka]

hello i would like to know how to un md5 things because im using the md5 to hide a script on my site that will then get something off of the sit depending on what you wanted any help??

[paul2463]

you cannot un MD5 anything it is a hash script and not an encryption script, it is a one way tool

[makka]

ahh what about when you get passwords out and then you can md5 to see if they match cant you use a loop to get the first letter then second ect something like how a brute forcer works because ive made this system i just need this last part now and i don't relay plan on changing it

[MadTechie]

$pass = "a passsword";
$HASH = md5($pass);

 

$HASH goes into the database

 

now

//to check the password is correct you would so thingt like this
$passFromUser ="wrongpassword"
//compare
$HASHFromUser = md5($passFromUser);
//to HASH stored in the database.

 

so you compare the results of the MD5 to each other..

 

i hope that makes sense

[makka]

ohh yeh i know that im using md5 for something else im using it in the url but could you make a script to keep md5ing things to compare like

 

a , b ,c so on untill z then aa, ab, ac, so on then ba, bb, bc ect so on unill it could end up like 50 letters long like abcdef, abcdeg so on and on  if you get me

[trq]

You can keep asking this question however you like, but, md5 cannot be reversed. Simple. It is a one way hash not an encryption (can be decrypted). If your system somehow relies on reversing an md5 then you didn't plan your system very well unfortunately.

[Barand]

Not quite true - md5 encryption has been cracked, but the required computing power is little more than your average server.

[trq]

Not quite true - md5 encryption has been cracked, but the required computing power is little more than your average server.

 

Yeah... I was aware of this, but its hardly worth mentioning really, its just going to confuse the issue.

[makka]

but how come if you get the md5 from the database then md5 the users input and compare they would match so you cant just use a loop to go through?

[OilSheikh]

Just remember that MD5 fields HAVE TO BE 32 characters. So, the corresponding your field in your database should have this field length.

[Jenk]

but how come if you get the md5 from the database then md5 the users input and compare they would match so you cant just use a loop to go through?

You're asking about brute-force attacks, which of course are blatantly possible - so why even ask that question?

 

and it's not possible to check if the nth character is correct, you must and can only compare the entire value.

[makka]

it actually is like a brute forcer the way that i think you would have to go through to find out but if you had something like the md5 field to the page name and the page name is 'af' then it would md5 the following and then compare them.:

a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
q
x
y
z
aa
ab
ac
ad
ae
af - match

 

get me?

[MadTechie]

pointless this post is going no where.

 

OK MD5 AKA (Message-Digest algorithm 5)

you can NOT just use UNMD5 it doesn't work like that..

 

brute forcer takes time but will work

time would be about 3 weeks using 6000 computers

 

the best example ican give is if you is a if a document was a person then the MD5 would be the finger print, once you have the finger print you can match it to a person but not rebuild that person from the finger print...

 

advice:

Theirs a number of MD5 reverse lookup databases, which make it easy to decrypt password hashed with plain MD5. To prevent such attacks you can add a salt to your passwords before hashing them.

Also, it is a good idea to apply the hashing function (MD5 in this case) more than once—see key strengthening. It increases the time needed to encode a password and discourages dictionary attacks.

[makka]

yeah i get you now but how would i make a script that would go through like that and then check that value against another until they match and echo out what is has tried??? im now just interested lol

[MadTechie]

think about it..

it bruteforce + md5.. simple as that

 

i think this thread should be closed now, as were walking a line i think!!

[makka]

think about it..

it bruteforce + md5.. simple as that

 

i think this thread should be closed now, as were walking a line i think!!

 

umm if you say so...

[igor berger]

I think this guy watched Mission Impossible too many times!

[Jenk]

yeah i get you now but how would i make a script that would go through like that and then check that value against another until they match and echo out what is has tried??? im now just interested lol

You've already answered your own question..

[dj-kenpo]

instead of attacking the guy why don't you guys think about alternatives to the same end.

 

yes, you can't un-md5 (without 6000 computers) and yes, sorry to say it but you're being annoying by not getting that fact.

 

but there are alternatives. you could create your own simple encrypt function. use string replace and swap soem of your characters. ie a=g b=z etc. you could do something simple that would encrypt your scripts as you wish them to be, for whatever strange reason you need to do this.

[makka]

yes jut i would like the script now

 

and thanks im actually making one and i get that fact but out of curiosity i would like to know how to do the a, b, c string compare