How to recover password from MD5?

Question

I'm using md5 to encrypt the user's password in my database, and I want them to get their password back when they forget by sending them email. The problem is I don't know how to write PHP code to recover it back.

Any answer, or appropriate link would be very much appreciated. Thanks..

hash, not encrypt, and you can't that's the whole point of using a hash. the standard practice would be to send them to a url to set a new password. — , Apr 06 '12 at 09:03
If you want the passwords to be recoverable, why do you hash them in the first place? (note: I'm not suggesting not hashing passwords.) — JJJ, Apr 06 '12 at 09:07
@Dagon, I would vote up that if you give a answer with that, and some more explanations on why to do that — Ismael Abreu, Apr 06 '12 at 09:08
possible duplicate of [Is it possible to decrypt md5 hashes?](http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes) — Mechanical snail, Jan 07 '13 at 23:27

score 12 · Accepted Answer · 2013-02-07T22:38:04.690

12

This cannot be done¹

MD5 is a hashing function and not an encryption function. It is a one-way process and not reversible.

¹Actually, there are many such passwords (inputs) which will result in the same MD5 value when hashed, but it's "hard" to find just one and [generally] impossible to find the original one. This is what "cracking" a password does - it finds one such input that, when hashed, results in the particular output. (And I will provide no more help down this road.)

edited Feb 07 '13 at 22:38

answered Apr 06 '12 at 09:02

As state reversing can't be done, however getting the equivalent can be found by looking at rainbow tables. This is mentioned in another answer (although the referenced link is bad, but its easy enough to find the equivalent by google). – James Oravec Jan 11 '22 at 18:04

score 7 · Answer 2 · answered Apr 06 '12 at 09:10

As mentioned- MD5 like all hash functions- shouldn't be reversed. It's also can be done because many string can be hashed to the same string and when reversed you can get different string.

If you're lucky you can find your hash in rainbowtables: http://www.md5rainbow.com/ but it can bring you not your original string, although it doesn't matter cause in your login you probably compare the hashed strings.

What you probably want to do is 'reset your password' instead of sending the original password.

Above link is broke, but just google "md5 rainbow" when I did, I got https://crackstation.net/ which worked — James Oravec, Jan 11 '22 at 18:02

score 2 · Answer 3 · answered Apr 06 '12 at 09:07

MD5 is a hash function, you should never try to recover the hashed password. The common practice would be to erase the hashed password and force them to set a new password from a link in the email. Passing hashed passwords, then trying to reverse hash them, is a serious security hole.

score 2 · Answer 4 · answered Apr 06 '12 at 09:12

Theoretically in most cases, your user would prefer you to send them a special link that will resets there password after some checks, you should not send plain text passwords in mails nor should you let your user know that you have an unhashed version of there password available within your system.

score 0 · Answer 5 · answered Apr 06 '12 at 09:05

0

Rainbow tables may be of some interest for you.
It is not possible to recover original password from hash, but using rainbow tables it may be possible to find some string that will produce the same hash as you need.

answered Apr 06 '12 at 09:05

max taldykin

12,459
5
45
64

please tell me what sites your in charge of, so i can avoid them. – Apr 06 '12 at 09:12

How to recover password from MD5?

5 Answers5