makka Posted May 6, 2007 Share Posted May 6, 2007 hello i would like to know how to un md5 things because im using the md5 to hide a script on my site that will then get something off of the sit depending on what you wanted any help?? Quote Link to comment Share on other sites More sharing options...
paul2463 Posted May 6, 2007 Share Posted May 6, 2007 you cannot un MD5 anything it is a hash script and not an encryption script, it is a one way tool Quote Link to comment Share on other sites More sharing options...
makka Posted May 6, 2007 Author Share Posted May 6, 2007 ahh what about when you get passwords out and then you can md5 to see if they match cant you use a loop to get the first letter then second ect something like how a brute forcer works because ive made this system i just need this last part now and i don't relay plan on changing it Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 6, 2007 Share Posted May 6, 2007 $pass = "a passsword"; $HASH = md5($pass); $HASH goes into the database now //to check the password is correct you would so thingt like this $passFromUser ="wrongpassword" //compare $HASHFromUser = md5($passFromUser); //to HASH stored in the database. so you compare the results of the MD5 to each other.. i hope that makes sense Quote Link to comment Share on other sites More sharing options...
makka Posted May 6, 2007 Author Share Posted May 6, 2007 ohh yeh i know that im using md5 for something else im using it in the url but could you make a script to keep md5ing things to compare like a , b ,c so on untill z then aa, ab, ac, so on then ba, bb, bc ect so on unill it could end up like 50 letters long like abcdef, abcdeg so on and on if you get me Quote Link to comment Share on other sites More sharing options...
trq Posted May 6, 2007 Share Posted May 6, 2007 You can keep asking this question however you like, but, md5 cannot be reversed. Simple. It is a one way hash not an encryption (can be decrypted). If your system somehow relies on reversing an md5 then you didn't plan your system very well unfortunately. Quote Link to comment Share on other sites More sharing options...
Barand Posted May 6, 2007 Share Posted May 6, 2007 Not quite true - md5 encryption has been cracked, but the required computing power is little more than your average server. Quote Link to comment Share on other sites More sharing options...
trq Posted May 6, 2007 Share Posted May 6, 2007 Not quite true - md5 encryption has been cracked, but the required computing power is little more than your average server. Yeah... I was aware of this, but its hardly worth mentioning really, its just going to confuse the issue. Quote Link to comment Share on other sites More sharing options...
makka Posted May 6, 2007 Author Share Posted May 6, 2007 but how come if you get the md5 from the database then md5 the users input and compare they would match so you cant just use a loop to go through? Quote Link to comment Share on other sites More sharing options...
OilSheikh Posted May 6, 2007 Share Posted May 6, 2007 Just remember that MD5 fields HAVE TO BE 32 characters. So, the corresponding your field in your database should have this field length. Quote Link to comment Share on other sites More sharing options...
Jenk Posted May 6, 2007 Share Posted May 6, 2007 but how come if you get the md5 from the database then md5 the users input and compare they would match so you cant just use a loop to go through? You're asking about brute-force attacks, which of course are blatantly possible - so why even ask that question? and it's not possible to check if the nth character is correct, you must and can only compare the entire value. Quote Link to comment Share on other sites More sharing options...
makka Posted May 6, 2007 Author Share Posted May 6, 2007 it actually is like a brute forcer the way that i think you would have to go through to find out but if you had something like the md5 field to the page name and the page name is 'af' then it would md5 the following and then compare them.: a b c d e f g h i j k l m n o p q r s t u v q x y z aa ab ac ad ae af - match get me? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 7, 2007 Share Posted May 7, 2007 pointless this post is going no where. OK MD5 AKA (Message-Digest algorithm 5) you can NOT just use UNMD5 it doesn't work like that.. brute forcer takes time but will work time would be about 3 weeks using 6000 computers the best example ican give is if you is a if a document was a person then the MD5 would be the finger print, once you have the finger print you can match it to a person but not rebuild that person from the finger print... advice: Theirs a number of MD5 reverse lookup databases, which make it easy to decrypt password hashed with plain MD5. To prevent such attacks you can add a salt to your passwords before hashing them. Also, it is a good idea to apply the hashing function (MD5 in this case) more than once—see key strengthening. It increases the time needed to encode a password and discourages dictionary attacks. Quote Link to comment Share on other sites More sharing options...
makka Posted May 7, 2007 Author Share Posted May 7, 2007 yeah i get you now but how would i make a script that would go through like that and then check that value against another until they match and echo out what is has tried??? im now just interested lol Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 7, 2007 Share Posted May 7, 2007 think about it.. it bruteforce + md5.. simple as that i think this thread should be closed now, as were walking a line i think!! Quote Link to comment Share on other sites More sharing options...
makka Posted May 7, 2007 Author Share Posted May 7, 2007 think about it.. it bruteforce + md5.. simple as that i think this thread should be closed now, as were walking a line i think!! umm if you say so... Quote Link to comment Share on other sites More sharing options...
igor berger Posted May 7, 2007 Share Posted May 7, 2007 I think this guy watched Mission Impossible too many times! Quote Link to comment Share on other sites More sharing options...
Jenk Posted May 7, 2007 Share Posted May 7, 2007 yeah i get you now but how would i make a script that would go through like that and then check that value against another until they match and echo out what is has tried??? im now just interested lol You've already answered your own question.. Quote Link to comment Share on other sites More sharing options...
dj-kenpo Posted May 7, 2007 Share Posted May 7, 2007 instead of attacking the guy why don't you guys think about alternatives to the same end. yes, you can't un-md5 (without 6000 computers) and yes, sorry to say it but you're being annoying by not getting that fact. but there are alternatives. you could create your own simple encrypt function. use string replace and swap soem of your characters. ie a=g b=z etc. you could do something simple that would encrypt your scripts as you wish them to be, for whatever strange reason you need to do this. Quote Link to comment Share on other sites More sharing options...
makka Posted May 7, 2007 Author Share Posted May 7, 2007 yes jut i would like the script now and thanks im actually making one and i get that fact but out of curiosity i would like to know how to do the a, b, c string compare Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.