2

how to decrypt the crypt("name")

Felix Kling
  • 795,719
  • 175
  • 1,089
  • 1,143
user36
  • 37
  • 1
  • 1
  • 5
  • If you know that the input is a 4-letter word... you can try all 4-letter words until one matches. – tucuxi May 25 '15 at 16:02

8 Answers8

17

You can't. From the documentation:

Note: There is no decrypt function, since crypt() uses a one-way algorithm.

Reading documentation helps ;)

Felix Kling
  • 795,719
  • 175
  • 1,089
  • 1,143
  • 1
    If you want encrypt/decrypt, checkout [Best way to use PHP to encrypt and decrypt?](http://stackoverflow.com/questions/1289061/best-way-to-use-php-to-encrypt-and-decrypt). – Konerak Apr 11 '11 at 11:45
7

crypt is one way hashing, you can't decrypt it.

If you want to compare it against another string you could crypt that too and then compare the two crypted strings.

Twelve47
  • 3,924
  • 3
  • 22
  • 29
2

crypt — One-way string hashing

Headshota
  • 21,021
  • 11
  • 61
  • 82
2

use two way hashing

try with mcrypt

tutorial

xkeshav
  • 53,360
  • 44
  • 177
  • 245
0

I have find an example for mcrypt and create the two functions, for text or for binary files:

function MyDecrypt($input,$key){    
        /* Open module, and create IV */
        $td = mcrypt_module_open('des', '', 'ecb', '');
        $key = substr($key, 0, mcrypt_enc_get_key_size($td));
        $iv_size = mcrypt_enc_get_iv_size($td);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        /* Initialize encryption handle */
        if (mcrypt_generic_init($td, $key, $iv) != -1) {
            /* 2 Reinitialize buffers for decryption */
            mcrypt_generic_init($td, $key, $iv);
            $p_t = mdecrypt_generic($td, $input);
                return $p_t;
            /* 3 Clean up */
            mcrypt_generic_deinit($td);
            mcrypt_module_close($td);
        }
} // end function Decrypt()


function MyCrypt($input, $key){
    /* Open module, and create IV */ 
    $td = mcrypt_module_open('des', '', 'ecb', '');
    $key = substr($key, 0, mcrypt_enc_get_key_size($td));
    $iv_size = mcrypt_enc_get_iv_size($td);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    /* Initialize encryption handle */
    if (mcrypt_generic_init($td, $key, $iv) != -1) {
        /* 1 Encrypt data */
        $c_t = mcrypt_generic($td, $input);
        mcrypt_generic_deinit($td);
            return $c_t;
        /* 3 Clean up */
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
    }
}

For Example Crypt a string :

    $original_text = "Hello world !";
    $password = "abc123";
echo '<p>Original_text: '.$original_text.'</p>';
    $crypted_text = MyCrypt($original_text,$password);
echo '<p>Crypted_text: '.$crypted_text.'</p>';
    $decrypted_text= MyDecrypt($crypted_text,$password);
echo '<p>Decrypted_text: '.$decrypted_text.'</p>';

echo '<p>And if I try with a wrong password?</p>';
    $wrong_decrypted_text= MyDecrypt($crypted_text,"wrong_pw");
echo '<p>Decrypted with wrong password: '.$wrong_decrypted_text.'</p>';

I hope helpful

madde74
  • 829
  • 6
  • 3
  • note that DES is woefully unsecure and stronger alternatives should be preferred (say, AES) ; and also that using ECB is also a bad idea - CBC is much more secure for most applications. – tucuxi May 25 '15 at 15:54
0

You can't truly decrypt it, because there are (infinitely) many strings such that crypt($input) == crypt("name") -- but you can, via brute-force trial-and-error, find some of those strings.

If you know or suspect that the original string is a short dictionary word, and you find a short dictionary word that produces the same output, chances are you have "decrypted" the original string.

md5 and many weaker hash functions are attacked in this way routinely.

tucuxi
  • 17,561
  • 2
  • 43
  • 74
0

Since crypt() produces a hash decrypting is not possible. If you need to guess the original data ("name") you can use a combination of a brute force algorithm and a huge dictionary.

intellion
  • 1,397
  • 12
  • 27
  • even then you will be struggling to get any where, crypt will randomly create salts so with all the brute forcing you do will won't get far. – Story Teller Jul 11 '12 at 04:57
-2
<?php

$hashed_password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
   echo "Password verified!";
}

?>
Osama Hussain
  • 59
  • 5