• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

How to decrypt a password in php encrypted with password()

Steve_Oaks

Gawd
Joined
Dec 17, 2002
Messages
808
How to decrypt a password in php encrypted with password() function? I cant even find the funtion on php.net yet somehow I am using a password function and I sure did not create it. I want to decryp t passwords for viewing an changing. Thanks
 
You're probably thinking of the "password()" function as provided by MySQL.

Er...maybe not. But I know there's an "encrypt()" function or similar in MySQL.
 
decryptable passwords are generally a bad idea. If someone forgets their PW, give them a new one.
 
i think the point is that it's a one way conversion, you can't retrieve a pw from an encrypted one
 
Originally posted by carl67lp
You're probably thinking of the "password()" function as provided by MySQL.

Er...maybe not. But I know there's an "encrypt()" function or similar in MySQL.

Yeah, why the heck did I not think of that last night. It is being used in an sql statement in php so yeah it probably is a mysql statement.

So you can decrypt then? No its more or less for I was bet(from someone who does not know computer stuff) if I could figure out what their password mean. Their password is in my phpbbb's database but I need to decrypt it, then whatever the password is it means something that I have to figure out. So the bet is not decrypting it, its what the plain text password means.
 
PhpBB uses MD5 encryption for the passwords, which to my knowledge, cannot be decrypted. The php function is md5(). I haven't looked at PhpBB's source, but figured that the password encryption was done in php, not in the MySQL. Either way, if you enter a password in PhpBB and create one using md5 and compare the encrypted strings, they'll be the same.
 
Originally posted by jrbryner
PhpBB uses MD5 encryption for the passwords, which to my knowledge, cannot be decrypted. The php function is md5(). I haven't looked at PhpBB's source, but figured that the password encryption was done in php, not in the MySQL. Either way, if you enter a password in PhpBB and create one using md5 and compare the encrypted strings, they'll be the same.


Well, not as much "cannot be decrypted" as "takes too long time to decrypt to make it practical to have a php function". It's not intended to be decryptable, but it can be brute-forced.
Of course, "decrypt" and "bruteforce" aren't really the same thing. :D

(I suspect more than one password might give the same md5-hash, too.)
 
If you want to get picky, MD5 is generally considered a 'one-way hash', rather than encryption. The idea is that it produces a 'unique' fingerprint from some data & those fingerprints can be compared. Going back to the original value is essentially impossible, since there can be multiple strings of data that get the same finger print, so there's no way to know which one it was uniquely.

Compare this to 'encryption' which generally implies that, given the right 'key' the original data can be recovered.



Obviously, for things like passwords, it's a lot more secure if you use a cryptographically-secure hash than an encryption; if your DB gets compromised, the hacker wouldn't actually be able get anyone's passwords.
 
Originally posted by ameoba
If you want to get picky, MD5 is generally considered a 'one-way hash', rather than encryption. The idea is that it produces a 'unique' fingerprint from some data & those fingerprints can be compared. Going back to the original value is essentially impossible, since there can be multiple strings of data that get the same finger print, so there's no way to know which one it was uniquely.

Compare this to 'encryption' which generally implies that, given the right 'key' the original data can be recovered.



Obviously, for things like passwords, it's a lot more secure if you use a cryptographically-secure hash than an encryption; if your DB gets compromised, the hacker wouldn't actually be able get anyone's passwords.


Completely agreed.

Now, the only problem with MD5 is that 1) you can, given very reasonable amounts of time, find some key that hashes right, and 2) it doesn't matter if it isn't the original password (unless there's some creative additional checking in the system).
 
Back
Top