encrypt and decrypt md5

php security hash passwords md5

497,592

Solution 1

As already stated, you cannot decrypt MD5 without attempting something like brute force hacking which is extremely resource intensive, not practical, and unethical.

However you could use something like this to encrypt / decrypt passwords/etc safely:

$input = "SmackFactory";

$encrypted = encryptIt( $input );
$decrypted = decryptIt( $encrypted );

echo $encrypted . '<br />' . $decrypted;

function encryptIt( $q ) {
    $cryptKey  = 'qJB0rGtIn5UB1xG03efyCp';
    $qEncoded      = base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), $q, MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ) );
    return( $qEncoded );
}

function decryptIt( $q ) {
    $cryptKey  = 'qJB0rGtIn5UB1xG03efyCp';
    $qDecoded      = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), base64_decode( $q ), MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ), "\0");
    return( $qDecoded );
}

Using a encypted method with a salt would be even safer, but this would be a good next step past just using a MD5 hash.

Solution 2

There is no way to decrypt MD5. Well, there is, but no reasonable way to do it. That's kind of the point.

To check if someone is entering the correct password, you need to MD5 whatever the user entered, and see if it matches what you have in the database.

Solution 3

/* you  can match the exact string with table value*/

if(md5("string to match") == $res["hashstring"])
 echo "login correct";

Solution 4

This question is tagged with PHP. But many people are using Laravel framework now. It might help somebody in future. That's why I answering for Laravel. It's more easy to encrypt and decrypt with internal functions.

$string = 'c4ca4238a0b923820dcc';
$encrypted = \Illuminate\Support\Facades\Crypt::encrypt($string);
$decrypted_string = \Illuminate\Support\Facades\Crypt::decrypt($encrypted);

var_dump($string);
var_dump($encrypted);
var_dump($decrypted_string);

Note: Be sure to set a 16, 24, or 32 character random string in the key option of the config/app.php file. Otherwise, encrypted values will not be secure.

But you should not use encrypt and decrypt for authentication. Rather you should use hash make and check.

To store password in database, make hash of password and then save.

$password = Input::get('password_from_user'); 
$hashed = Hash::make($password); // save $hashed value

To verify password, get password stored of account from database

// $user is database object
// $inputs is Input from user
if( \Illuminate\Support\Facades\Hash::check( $inputs['password'], $user['password']) == false) {
  // Password is not matching 
} else {
  // Password is matching 
}

Solution 5

It's not possible to decrypt MD5 hash which created. You need all information to decrypt the MD5 value which was used during encryption.

You can use AES algorithm to encrypt and decrypt

JavaScript AES encryption and decryption (Advanced Encryption Standard)

View more solutions

497,592

Author by

Tomer

Updated on July 05, 2022

Comments

Tomer almost 2 years

I am using code $enrypt=md5($pass) and inserting $encrypt to database. I want to find out a way to decrypt them. I tried using a decrypting software but it says the hash should be of exactly 16 bytes. is there any way to decrypt it or to make it a 16 byte md5 hash?

My hash looks like this: c4ca4238a0b923820dcc
Gumbo about 11 years

No, there is no way to decrypt MD5, because MD5 is not a cipher. But as you probably meant its reversibility, you can only remember input+output pairs for a later lookup or try to find collisions. But you cannot ‘decrypt’ it.
martinstoeckli about 11 years

The new function password_hash() is a good recommendation, but it looses some of its benefit, when you pass your own salt. Just let the function generate the salt, it does it in a cryptographically safe way.
Fr0zenFyr almost 11 years

@Gumbo: how do the MD5 decryptors work? It doesn't matter whether they store the key value strings, the process suggests that MD5 doen't use a custom salt which means it can be reversed if you get to the core of it.
Niet the Dark Absol almost 11 years

Here's an oversimplified way of putting it: 5+5 is 10, but if you just have 10 you can't know that the original numbers were 5 and 5. However, if you know the algorithm (take two numbers and add them), then you can reverse the 10 to get 3+7 and it will be accepted because the result is the same.
Gumbo almost 11 years

@Fr0zenFyr They are just huge lookup tables: Any known hash is mapped onto the input that was used to generate it; if someone looks up a hash that is known, you’ll get the input value.
Gumbo almost 11 years

@Kolink It’s not that easy. Cryptographic hash functions should have the property that it’s infeasible to generate an input that has a given hash (pre-image attack).
Fr0zenFyr almost 11 years

@Gumbo: I agree that they use lookup tables but you are missing my point. If you generate an MD5 for a string on your server and i generate one on mine, is there a possibility that they are different(well, I think it is always same)? If not, that means you just have to find only one piece of the puzzle. For eg: like Kolink said, you know that salt is 3 and hash is 10, so it's not difficult to know that the original string is 7. Let me know if my assumption about universal hash is wrong, then my argument becomes wrong by itself.
Gumbo almost 11 years

@Fr0zenFyr MD5 is a completely deterministic function. An input X will always result in the hash Y on any system. However, it’s not a trivial function. Actually, cryptographic hash function should to fulfill certain criteria which render your assumptions invalid.
Sharif over 9 years

but that string wont be the same for everyone, i mean if there are 1000's of user that password string or id string wont be the same it would be a new string for each user
zaph over 8 years

Do you have a link to complete documentation for Crypt? Available modes, padding, password key extension, iv, output format? If not there is no way to interoperate or believe that the encryption is secure. Encrypter is insufficient.
nirav jobanputra almost 8 years

dude its not working your encryption is something different...try to decrypt this
nirav jobanputra almost 8 years

and decrypted value should be 123
nirav jobanputra almost 8 years

202cb962ac59075b964b07152d234b70 here is the encrypted of 123
Sukhwinder Sodhi over 6 years

For some the inputs it is not decrypting properly, Please help
girish about 6 years

mcrypt_encrypt is already deprecated in PHP 7.1.0. Relying on this function is highly discouraged.
aPugLife about 6 years

@girish do you have any suggestion on how to achieve a similar result with php7? - I was going to use it, and the information I would encrypt are not important at all: I just want to shrink a long $input (which is a path) and don't want the user to read this path, mostly because its length.
girish about 6 years

Not sure. but there is no way to decrypt a hashed password in PHP. Maybe you have to do base64 encode and decode with string reverse and maybe a SALT key of your choice.
Freedo over 4 years

Is this answer still updated? It's 2019 now and md5 is quite low processing power. Can't someone brute force it in a reasonable time?
statosdotcom almost 2 years

Page not found. Maybe this helps: javascript.tutorialink.com/…