arathi Posted July 20, 2007 Share Posted July 20, 2007 Hi Is there is any other function other than MD5() to encrypt passwords and is there is any function to decrypt password Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/ Share on other sites More sharing options...
dooper3 Posted July 20, 2007 Share Posted July 20, 2007 Not sure about other methods, but I can tell you you can't decrypt md5 very easily. But you never should anyway, the way you should use it is all user passwords should be saved in md5 encrypted form and then when a user types in their password to log in, you md5 what they type in then compare it to the md5'd one you've got on record. Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303220 Share on other sites More sharing options...
arathi Posted July 20, 2007 Author Share Posted July 20, 2007 Hi After searching I got the answer. mcrypt_decrypt(), mcrypt_encrypt(), and also MD5() are the function used for password encryption and decryption. checkout the manual at: http://www.php.net/manual/en/ Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303222 Share on other sites More sharing options...
jscix Posted July 20, 2007 Share Posted July 20, 2007 Not sure about other methods, but I can tell you you can't decrypt md5 very easily. False, http://md5.rednoize.com/?q=a669c4570f99fab64c98225fc33601e6&b=MD5-Search or just do a google search. Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303231 Share on other sites More sharing options...
DeadEvil Posted July 20, 2007 Share Posted July 20, 2007 yes but not md5 function. Create your own script using base64_encode and base64_decode functions.. Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303242 Share on other sites More sharing options...
hvle Posted July 20, 2007 Share Posted July 20, 2007 False, http://md5.rednoize.com/?q=a669c4570f99fab64c98225fc33601e6&b=MD5-Search or just do a google search. what exactly that site does? I certain it won't decrypt md5. There is a sha1() function which also encrypt data, but with diff algorithm Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303250 Share on other sites More sharing options...
DeadEvil Posted July 20, 2007 Share Posted July 20, 2007 I found this code on the internet and it works... <? #crypt.class.php class crypt { var $keys; function crypt_key($ckey){ $this->keys = array(); $c_key = base64_encode(sha1(md5($ckey))); $c_key = substr($c_key, 0, round(ord($ckey{0})/5)); $c2_key = base64_encode(md5(sha1($ckey))); $last = strlen($ckey) - 1; $c2_key = substr($c2_key, 1, round(ord($ckey{$last})/7)); $c3_key = base64_encode(sha1(md5($c_key).md5($c2_key))); $mid = round($last/2); $c3_key = substr($c3_key, 1, round(ord($ckey{$mid})/9)); $c_key = $c_key.$c2_key.$c3_key; $c_key = base64_encode($c_key); for($i = 0; $i < strlen($c_key); $i++){ $this->keys[] = $c_key[$i]; } } function encrypt($string){ $string = base64_encode($string); $keys = $this->keys; for($i = 0; $i < strlen($string); $i++){ $id = $i % count($keys); $ord = ord($string{$i}); $ord = $ord OR ord($keys[$id]); $id++; $ord = $ord AND ord($keys[$id]); $id++; $ord = $ord XOR ord($keys[$id]); $id++; $ord = $ord + ord($keys[$id]); $string{$i} = chr($ord); } return base64_encode($string); } function decrypt($string){ $string = base64_decode($string); $keys = $this->keys; for($i = 0; $i < strlen($string); $i++){ $id = $i % count($keys); $ord = ord($string{$i}); $ord = $ord XOR ord($keys[$id]); $id++; $ord = $ord AND ord($keys[$id]); $id++; $ord = $ord OR ord($keys[$id]); $id++; $ord = $ord - ord($keys[$id]); $string{$i} = chr($ord); } return base64_decode($string); } } # Sets up an instance of the class $crypt = new crypt; ?> <? #test_crypt.php require_once('crypt.class.php); $crypt = new crypt; //sets up an instance of the class $or_ccno = '4123456789012345; print $crypt->crypt_key($or_ccno)."<br>"; //assigns an encryption key to the instance print "Enc: ".$encrypted = $crypt->encrypt($or_ccno)."<br>"; //encrypts the data using the key print "Dec: ".$decrypted = $crypt->decrypt($encrypted); //decrypts the data using the key ?> Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303254 Share on other sites More sharing options...
MadTechie Posted July 20, 2007 Share Posted July 20, 2007 you can NOT "decrypt" MD5.. you can have a database with all the decrypted values.. this is NOT decrypting.. also the "lookup" will fail with a simple change ie $password = "Hello"; $hash = md5($password."1"); //thats a very time change as for password you should use MD5 + salt (like the appending of the 1) instead of decrypting it you get the password the user has entered (to login) and MD5 it and compare that to the MD5 password in the database EDIT: as a side note sha1 is more secure but slightly slower Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303368 Share on other sites More sharing options...
phat_hip_prog Posted July 20, 2007 Share Posted July 20, 2007 The point of using 'one way functions' such as md5/sha/ripe etc is that you convert the plain text with the ability to then save it in plain sight (e.g. try # cat /etc/shadow). When you want to check the password, you put it through the same routine as before and then compare it to the saved one. If you want to save a password (or other doc) you should use either symmetric or asymmetric encryption algorithms, either way you'll have to save passwords (key sets) for these, for which you'll probably do the same as before. Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303374 Share on other sites More sharing options...
phat_hip_prog Posted July 20, 2007 Share Posted July 20, 2007 P.S. base64 is an encoding, not encryption... Its a good way of storing binary data as plain ascii text... Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303377 Share on other sites More sharing options...
dbo Posted July 20, 2007 Share Posted July 20, 2007 Anything can be cracked if your database gets compromised and someone has the time... and desire to do it. I'd suggest against using encrypt/decrypt method all together. The md5 method is the best one... you just need to make sure you salt it. So then when you are comparing the value in the DB you add your salt to the user input and encrypt it and compare encrypted vs encrypted. There is no need to ever be able to reverse passwords. Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303383 Share on other sites More sharing options...
MadTechie Posted July 20, 2007 Share Posted July 20, 2007 i don't see the reason for the encrypted part!! ??? it will take alittle longer will little (if anyone) benefit! i understand the idea but not the reason.. one way protection is designed for this encryption isn't.. you could use 2 salts which can be random and stored in the database with the username etc.. ie md5(md5("pass"."salt1").md5("pass"."salt2")) but at some point its going to be overkill also always remember the weakest point in the protection is never at the frontdoor, its normally the backdoor/window! creating a over complex login system is usless if you don't maintain the security once they have logged inn.. Quote Link to comment https://forums.phpfreaks.com/topic/60941-password-encryption-and-decryption/#findComment-303463 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.