Password Recovery: How to decrypt an md5 encrypted password?


Solution 1

As others described quite well, you cannot easily 'decrypt' an MD5 hash.

I guess the best way to do your password recovery is like this:

  1. A user can request password recovery by providing his email address (it should be unique so users can be identified by email address).

  2. An email is sent to his address with a link containing a unique hash (which you generated when sending the email and saved to the db).

  3. When the link is clicked by the user (and of course the unique hash is checked to be equal to the one in the db) you can show a form which lets them choose a different password.

Another route that some people use is to simply ask for the email address, generate a new password and send it to the user. The problem with this one is that someone who knows only your email address can request a password change. He won't know the new pass, and you will get it by email, but still it is very inconvenient for the user.
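The three-step flow above, sketched as an added example that is not part of the original answer. The in-memory dicts stand in for database tables, all function names and the one-hour lifetime are hypothetical, and two choices are this example's own: only a SHA-256 digest of the emailed token is stored, and the new password is stored with salted PBKDF2 rather than MD5.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600         # assumed lifetime of a reset link, in seconds
PBKDF2_ROUNDS = 600_000  # work factor for the stored password hash
reset_tokens = {}        # stand-in for a DB table: token digest -> (email, expires_at)
users = {"alice@example.com": None}  # constructed account: email -> (salt, hash)

def _digest(token):
    # Store a digest, not the token: a leaked table then yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(email, now=None):
    """Steps 1-2: returns the token to embed in the emailed link, or None."""
    now = time.time() if now is None else now
    if email not in users:
        return None  # the caller shows the same page either way
    for d in [d for d, (e, _) in reset_tokens.items() if e == email]:
        del reset_tokens[d]  # a new request invalidates older links
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    reset_tokens[_digest(token)] = (email, now + TOKEN_TTL)
    return token

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def complete_reset(token, new_password, now=None):
    """Step 3: accept the token once, before expiry, and store the new password."""
    now = time.time() if now is None else now
    entry = reset_tokens.pop(_digest(token), None)  # pop makes it single use
    if entry is None or now > entry[1]:
        return False
    salt = secrets.token_bytes(16)
    users[entry[0]] = (salt, _hash_password(new_password, salt))
    return True

def check_password(email, password):
    record = users.get(email)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(password, salt))
```

The old password is never read or recovered at any point; the stored value is only ever replaced.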

Solution 2

MD5 is a hash-based encryption. What that means is that there is no way to get back the original value. You have created something that is a "checksum" of the original data. You can use the MD5 algorithm to encrypt something else, and then compare that to the MD5'd version of the data, but you can never get back the original.

It would be similar to me saying: 5 + 3 + 2 = 10. The original data is 5, 3, and 2. But the "hash" is 10. There is no way to get the original data from the hash, but if someone supplies the correct input (5, 3, 2), I can hash it, and confirm that it matches the hash that I have on file, 10.

Solution 3

I think MD5 is a one way hashing algorithm. What that means is that once you encrypt it, the data cannot be decrypted. (I'm sure a good hacker will disagree though)

Anyways, for passwords you can save the encrypted version of the password in the database. When a user attempts to log in, encrypt the entered password using the same MD5 algorithm, and compare the encrypted version of the password against the encrypted password stored in the database.

Once you're comfortable with this approach, you can start looking at the concept of adding salt to the hashed password.

Also, there are other hashing algorithms than just MD5. If you're using .NET, there's a bunch in the framework, such as SHA512Managed. Each one has its trade-offs, such as speed to hash, security, etc. Pick one that fixes your particular problem.

Solution 4

You can't decrypt an md5 password! The only way would be to brute force it! If you want to do password recovery, make a random string which will be sent to the user by email (or any other way) and set as an md5'd password... Just an idea

EDIT: Why would you encrypt a password to keep it safe if you can decrypt it? Makes no sense! -> You could then basically leave the password unencrypted!

Solution 5

It's not easy, but your best bet would be to use a rainbow table, as the MD5 hash does have vulnerabilities.

There are several online versions, which you may or may not be able to trust (or work).

Updated on January 03, 2020

Comments

  • Admin
    Admin over 4 years

    Possible Duplicate:
    Is it possible to decrypt md5 hashes?

    In my website, I'm using md5 encryption for the password. So it's saved in encrypted form in the database. For doing the password recovery, how can I decrypt the encrypted password?

    Please Help :)

  • Admin
    Admin about 13 years
    Agrees with you completely :)