2

I am going through this tutorial and I am using the ENCRYPT MySQL function.

http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/

But now I have the problem of how to decrypt the encrypted password in MySQL or in php? I want to compare if the password entered is the same as the encrypted one.

How can I compare it? MySQL must be encrypted with the ENCRYPT function!

I am searching but I can not find anything how to decrypt the ENCRYPT MySQL function...

Andrew
senzacionale

3 Answers

15

ENCRYPT is using a one-way hash algorithm, there is no DECRYPT. That's the sense of encrypting passwords: a hacker should have no option to see the clear text passwords.

When you need to compare a password in db with one a user has entered, use a query like this (using prepared queries)

SELECT * FROM `user`
WHERE `name` = 'hek2mgl'
  AND `password` = ENCRYPT('user_input', `password`)

The ENCRYPT function will output a "salted" string prefixed with the salt itself, so feeding it back the encrypted password will re-supply the original salt.

LSerni
hek2mgl
  • encrypt function always returns different values, so cannot be used in query, instead use password function – AjayR Jan 23 '14 at 02:17
  • 1
    Yeah, you are right, when called without a salt argument it uses a random salt. I wasn't aware of this when writing the answer. Your comment is much appreciated. After reading the manual, I still think that it can be used for password encryption tasks, but it is necessary to handle the salt properly. I'll edit the answer soon. – hek2mgl Jan 23 '14 at 07:45
  • see: man crypt - the default "random" salt value is the first two chars of the encrypted phrase – ceph3us Jun 11 '16 at 00:59
4

You can't decrypt the password - it is encrypted with one-way encryption.

What you need to do is encrypt the entered password and compare the result with the stored encrypted password.

RichieHindle
0

You don't need to DECRYPT the password. In order to check if a user submitted the correct password, just RE-ENCRYPT the password given by the user and check if it matches the one stored in your database.

Moreover, a simple hash function will suffice (avoid MD5 and make use of salt to prevent dictionary or rainbow-table attacks!)

Gianluca Ghettini
  • so you suggest ENCRYPT('passwor', 'dsljfljfsdljfljsdf') – senzacionale May 10 '13 at 15:48
  • I'd suggest $hashed_pass = sha1("password+salt");. Salt should be used every time you hash your password, you can generate the salt from user data, keep secret the salt-generation process, store it in the db, and assure it's unique for every user. – Gianluca Ghettini May 10 '13 at 15:50
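The pattern hek2mgl's answer and AjayR's comment circle around (a random salt is generated on each call, so the stored value must supply the salt at verification time; the salt is kept as a prefix of the stored string, as crypt(3)/ENCRYPT does) and the salted-hash advice in Gianluca Ghettini's answer can be shown end to end in application code. The following is an added example written for this page, not code from any of the answers or from the linked tutorial. It assumes a constructed storage format `$pbkdf2-sha256$<iterations>$<salt>$<hash>` and uses PBKDF2 from Python's standard library instead of ENCRYPT or plain SHA-1; the table and the user `hek2mgl` are constructed in an in-memory SQLite database so it runs offline:

```python
import base64
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed storage format for this example (an assumption, not MySQL's):
#   $pbkdf2-sha256$<iterations>$<base64 salt>$<base64 digest>
# Like crypt(3)/ENCRYPT output, the salt travels inside the stored string,
# so verification never needs a separate salt column.
SCHEME = "pbkdf2-sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted, slow hash of `password`.

    When no salt is given a fresh random one is drawn, so two calls with the
    same password return different strings. That is exactly why
    `WHERE password = hash(user_input)` with a fresh hash can never match:
    the stored value has to be parsed for its salt first.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"${SCHEME}${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the salt and iteration count taken from `stored` and
    compare in constant time. Nothing is decrypted; the hash is one-way."""
    try:
        _, scheme, iterations_str, salt_b64, _digest = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        iterations = int(iterations_str)
    except (ValueError, TypeError):
        return False  # malformed or foreign record: treat as no match
    candidate = hash_password(password, salt, iterations)
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored)


def setup_db() -> sqlite3.Connection:
    """Constructed sample table with one user; the password is stored hashed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO user VALUES (?, ?)",
                 ("hek2mgl", hash_password("correct horse")))
    return conn


def login(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Fetch the stored hash with a parameterised query, then verify in the
    application. The password never appears inside the SQL text."""
    row = conn.execute("SELECT password FROM user WHERE name = ?", (name,)).fetchone()
    if row is None:
        # Burn one hash so an unknown user costs the same time as a wrong password.
        hash_password(password)
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = setup_db()
    print("correct password:", login(db, "hek2mgl", "correct horse"))  # True
    print("wrong password:  ", login(db, "hek2mgl", "guess"))          # False
    print("unknown user:    ", login(db, "nobody", "correct horse"))   # False
```

The design choice worth noting is that the salt is stored with the hash rather than derived from user data or kept as a "secret" process: the salt only has to be unique per record, and parsing it back out of the stored string is what makes the check reproducible, which is the same role the salt prefix plays in `ENCRYPT('user_input', password)`.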