3

Possible Duplicate:
Is it possible to decrypt md5 hashes?

I have a database to store usernames, passwords, emails, etc. If a user forgets his/her password, I will send it to their email account.

The problem is that I encrypt the password to md5 before I store it into my database. If the user's password is ABC, I store it in my database as 867dbd57e9ca9f808. I cannot send the user "867dbd57e9ca9f808" if they forget their password. I would need to send "ABC". However, that would require me to "un-md5" the string, which I don't think is possible.

user1261817

5 Answers

10

MD5 was designed to be a hash, which is one-way only; otherwise it would not be a hash. You should not send the user his password, but give him the possibility to change it. You should generate a token and send a link to change the password to the user's email, with the token in a GET parameter. If the user changes the password, remove the token. Also, you should remember that the token must have an expiry time.

Something like:

myurl.com/passwordrecovery?token=someGeneratedToken

In the database, you can look up the token and get the user id. So, for example, your table structure can look like:

user_id | token | expiry_time

If you would keep only tokens and expiry times in the database, don't do this. Associate the token with the user; otherwise the user can request a password change, and he will get the following link (don't do this):

myurl.com/passwordrecovery?token=token&user_id=number

This way he can change someone else's password by replacing user_id, and get access to his account. The expiry time should not be longer than 24 hours.

Important

Don't use plain MD5; it's easy to crack. Use PBKDF2, for example.

PHP implementations: PHP-Crypt-Lib, Pbkdf2 by inanimatt

Robik
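The reset flow described in the answer above, as an added Python example (not code from the original answer): the token row carries the user id, the link carries only the token, and the token is single-use with a 24-hour expiry. The SQLite schema, function names and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib, os, secrets, sqlite3, time

TOKEN_TTL = 24 * 60 * 60  # the answer's upper bound: 24 hours

def setup():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    # Same columns as the answer's table: user_id | token | expiry_time
    db.execute("CREATE TABLE reset_tokens (user_id INTEGER, token TEXT UNIQUE, expiry_time REAL)")
    return db

def hash_password(password, salt):
    # Salted PBKDF2 instead of plain MD5; the iteration count is an assumed value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(db, user_id, password):
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?)",
               (user_id, salt, hash_password(password, salt)))

def check_password(db, user_id, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None and secrets.compare_digest(row[1], hash_password(password, row[0]))

def request_reset(db, user_id, now=None):
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, drawn from the OS CSPRNG
    db.execute("INSERT INTO reset_tokens VALUES (?, ?, ?)", (user_id, token, now + TOKEN_TTL))
    # The link carries the token only; no user_id parameter to tamper with.
    return "myurl.com/passwordrecovery?token=" + token

def redeem_reset(db, token, new_password, now=None):
    now = time.time() if now is None else now
    row = db.execute("SELECT user_id, expiry_time FROM reset_tokens WHERE token = ?",
                     (token,)).fetchone()
    if row is None or now > row[1]:
        return False  # unknown, already used, or expired
    # The account comes from the token row, never from a request parameter.
    set_password(db, row[0], new_password)
    db.execute("DELETE FROM reset_tokens WHERE token = ?", (token,))  # single use
    return True
```
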
2

MD5 is not encryption; it is hashing, which means it is irreversible. You cannot get the original string from the hash.

As for your situation: do as most sites do today. Instead of sending you your password, they send you a link, which you can use to reset the password. This way you don't have to store plain-text passwords and send them in email.

Sergio Tulentsev
2

MD5 is not an encryption algorithm.

It is a hashing algorithm. What it produces is not an encrypted form of its input; it is a hash.

Hashing is a one-way transformation. In mathematics, there is a concept we call the "Pigeon Hole Principle". If you have ten birds, and nine cubbies in which to keep them, then there must be some cubby with more than one bird in it. Similarly, if you have passwords of length 50, and all your hashes are length 20, there must be multiple passwords with the same hash - there are far more pigeons than holes!

Since there are many (infinitely many, in fact) passwords with the same hash, even a brute-force guessing approach can't recover the original password from a hash (although it might be able to find some password which has a certain hash, without knowing for sure it was the one the user gave). The original information has been lost.

However, you should never need to send users their passwords. DO NOT EMAIL THEM A PASSWORD. The one exception is when a user needs to reset their password; in that case, generate a new temporary password/token for them, and give them that. Then force them to immediately set a new password on login. Ideally, you would use a secure communication vehicle for this (such as an SSL connection to your site), rather than insecure email.

You should not care what the user's password is, only that they know it.

Borealid
1

The entire point of hashing a string is to make it very hard to get the actual password back.

By the way, in order to increase the security of your database, you should "salt" the password hash, as just MD5 hashing the password text makes it easy for somebody with the hashes to get the passwords using a rainbow table.

If a user forgets their password, send them a link allowing them to create a new password. NEVER send a password by email, that's extremely insecure.

houbysoft
1

Here's an example of what MD5 does:

Suppose that you want to "md5" the word "bar".

Suppose now that md5 takes every letter of the string, assigns a value to each one and sums all the numbers that you get.

b is assigned 2 (second letter of the alphabet...)
a is assigned 1
r is assigned 18

The sum is 21.

You cannot get the reversed value because with my dummy md5 function, "arb", "rab" and "ggg" also give 21.

That's the reason why md5 is a one-way function.

Luc M