Encryption Question?

[Solarpitch]

Hey Guys,

 

I am just wondering. I want to store a 10 digit number in my database under md5() encryption. Is it possible to get the value of the number at a later date from this encryption if needed?

 

It probably sounds stupid because in theory I am trying to reverse encrypt but the number needs to be encrypted in the database, yet ... be made viewable on a web page when requested.

 

Ger

[foreverhex]

As far as I know, you can't reverse encrypt.

[Solarpitch]

Ummm :-\ .. thats what I thought alright. Does anyone know if there is a work around to this method or will I just have to bite the bullet and get on with it!

[revraz]

A work around would be to use your own encryption method.

[foreverhex]

if you are using SQL of some sort you can store two fields (one encypted and one not) and only access the unencypted one when nessary.

[moon 111]

The whole idea of MD5 is that it can't be reversed, however it is possible to brute-force it. I wouldn't suggest it since it is very CPU intensive. I would move the info into a different reversable encryption but if that is not an option you can brute-force it. Basicly try to md5 all of the possible options and check if they match the database.

 

EDIT: Both of the above are better options

[PFMaBiSmAd]

No you cannot.

 

Also, MD5() is technically a hash, not encryption (to do what you want would require using actual encryption/decryption.) MD5() hashes are not unique. Multiple starting values produce the same md5 hash. So, even if you make a table of all possible input values (in this case 10 digit numbers) there will be multiple entries that give the same md5 hash and you would never know when one was the actual starting value.

[drewbee]

Check out

http://us.php.net/mcrypt

 

Good read on mcrypt

[Solarpitch]

Many thanks for the feedback guys. I like what foreverhex said about storing an encrypted value and a non encrypted value... but the only problem with that is I dont want the 10 digit number anywhere in the database if its not encrypted so on second thoughts that may not work.

 

I'll check out that link drewbee and see how I get on. I'll work something out.

 

Thanks again!

[PFMaBiSmAd]

The point of storing a hashed or encrypted value in a database is so that if the database is compromised, the original value cannot be gotten and used. On a shared host, every account has access to the database server and could gain access to your database by trying brute force usernames and passwords lists (all the more reason for using "strong" passwords for database access.)

 

Storing the un-encrypted value in the database defeats the whole purpose.

[foreverhex]

Yeah, the above is true. I was just grasping for a solution. Another way of doing it... depending on what your final reason is, is to store the encypted number and then store a partially encypted number. Kinda like site do to show you your credit card number. Sorry for the misspells if any, I'm still sleepy.

[haku]

Why would you want to show their password? I cant think of any good reason to do so.