I am using code $enrypt=md5($pass) and inserting $encrypt to database. I want to find out a way to decrypt them. I tried using a decrypting software but it says the hash should be of exactly 16 bytes. is there any way to decrypt it or to make it a 16 byte md5 hash?
My hash looks like this: c4ca4238a0b923820dcc
As already stated, you cannot decrypt MD5 without attempting something like brute force hacking which is extremely resource intensive, not practical, and unethical.
However you could use something like this to encrypt / decrypt passwords/etc safely:
$input = "SmackFactory";
$encrypted = encryptIt( $input );
$decrypted = decryptIt( $encrypted );
echo $encrypted . '<br />' . $decrypted;
function encryptIt( $q ) {
$cryptKey = 'qJB0rGtIn5UB1xG03efyCp';
$qEncoded = base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), $q, MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ) );
return( $qEncoded );
}
function decryptIt( $q ) {
$cryptKey = 'qJB0rGtIn5UB1xG03efyCp';
$qDecoded = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), base64_decode( $q ), MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ), "\0");
return( $qDecoded );
}
Using a encypted method with a salt would be even safer, but this would be a good next step past just using a MD5 hash.
There is no way to decrypt MD5. Well, there is, but no reasonable way to do it. That's kind of the point.
To check if someone is entering the correct password, you need to MD5 whatever the user entered, and see if it matches what you have in the database.
/* you can match the exact string with table value*/
if(md5("string to match") == $res["hashstring"])
echo "login correct";
This question is tagged with PHP. But many people are using Laravel framework now. It might help somebody in future. That's why I answering for Laravel. It's more easy to encrypt and decrypt with internal functions.
$string = 'c4ca4238a0b923820dcc';
$encrypted = \Illuminate\Support\Facades\Crypt::encrypt($string);
$decrypted_string = \Illuminate\Support\Facades\Crypt::decrypt($encrypted);
var_dump($string);
var_dump($encrypted);
var_dump($decrypted_string);
Note: Be sure to set a 16, 24, or 32 character random string in the key option of the config/app.php file. Otherwise, encrypted values will not be secure.
But you should not use encrypt and decrypt for authentication. Rather you should use hash make and check.
$password = Input::get('password_from_user');
$hashed = Hash::make($password); // save $hashed value
// $user is database object
// $inputs is Input from user
if( \Illuminate\Support\Facades\Hash::check( $inputs['password'], $user['password']) == false) {
// Password is not matching
} else {
// Password is matching
}
It's not possible to decrypt MD5 hash which created. You need all information to decrypt the MD5 value which was used during encryption.
You can use AES algorithm to encrypt and decrypt
JavaScript AES encryption and decryption (Advanced Encryption Standard)
Hashes can not be decrypted check this out.
If you want to encrypt-decrypt, use a two way encryption function of your database like - AES_ENCRYPT (in MySQL).
But I'll suggest CRYPT_BLOWFISH algorithm for storing password. Read this- http://php.net/manual/en/function.crypt.php and http://us2.php.net/manual/en/function.password-hash.php
For Blowfish by crypt() function -
crypt('String', '$2a$07$twentytwocharactersalt$');
password_hash will be introduced in PHP 5.5.
$options = [
'cost' => 7,
'salt' => 'BCryptRequires22Chrcts',
];
password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
Once you have stored the password, you can then check if the user has entered correct password by hashing it again and comparing it with the stored value.
