1

I have stored a password in database using md5 with salt. I want to retrieve the original password from the md5 value of password.

Mansour hassan
  • 625
  • 2
  • 6
  • 14
  • 2
    You can't, md5 isn't encryption, it's a hash, which is one-way. Though if you're wanting to get the plain text password back I would suspect you're planning something you potential shouldn't. – Jonnix Jun 15 '16 at 22:08
  • 2
    Oh, incidentally, don't use md5 (even with a salt) if you can help it, instead try to use PHP's [password API](http://php.net/password) (also a hash, so one-way, but more secure). – Jonnix Jun 15 '16 at 22:10
  • 3
    The whole point of using hashing instead of encryption for passwords is to prevent this. – Barmar Jun 15 '16 at 22:13
  • you could create a rainbow table using your salt and every possible word or letter combination ( witch is a bunch of them ), typically this is done populating a database then you can compare the hash to the rainbow table by querying said database for it. :) – ArtisticPhoenix Jun 15 '16 at 22:18

1 Answers1

2

The short answer is no. The point of MD5 is that it creates a unique fingerprint for a string. It's not an encryption, so it can't be reversed.

Technically, you could probably run brute-force attacks but that's practically impossible given how many combinations there are. Sure, there are numerous attacks on MD5 such as generating collisions or hash length extension but there is generally no way to get the original password. Sorry.

What reason would you want to retrieve the original password?

Michael Zhang
  • 1,445
  • 12
  • 14
  • i'd use a rainbow table, that is if the salt is known. But still mauh..... – ArtisticPhoenix Jun 15 '16 at 22:21
  • I mean, there's really no reason to get the original password. If you lost your password, you should just reset it (how did you get the salted hash in the first place). If you want to attack a server, you probably shouldn't be. – Michael Zhang Jun 15 '16 at 22:22
  • ^ what he said, also if you need to reset it, just use php and md5 to create a new hash, and update the db record for the user. Maybe if you explain the reason you need it, we could help solve the actual problem. – ArtisticPhoenix Jun 15 '16 at 22:30