Unhash MD5 String


Ik

This is the situation,

I use md5() to hash user passwords, and I save the md5() result in the password field in my database.

Now, I want to give the users the option to recover their passwords (receive it by email). They are receiving the hashed password, something like: 64e4784baced6bdb9adef61a1edaf023

Is there a way to unhash the string so that they receive a password that makes sense?

Any ideas?
Thanks
 
•••
No. It's an MD5 summary, not an encryption method.
The only way would be to brute-force the password, which means you'd potentially spend a thousand years+ on a single password ;)
 
•••
It is better practice not to keep passwords in clear so you encrypt them.
If the user forgets it, you send a verification link to their E-mail so they can choose another password. Then you hash it and overwrite the previous password hash.
 
•••
The whole point of hashing something is so that you aren't saving it in cleartext and it cannot be undone. Every input maps to an (almost) unique hash, but it is not reversible, especially since there exist collisions. For example, say "foo" hashes to "EbA" in some hashing scheme, but so does "bar". There is no way to reverse it to know if the original was "foo" or "bar". It's basically the definition of hashing.

You would need something like mcrypt() in PHP if you want to be able to decrypt it, but that is still slightly insecure because if for some wild reason a malicious user gets a hold of the encrypted data as well as your private key, he can decrypt them easily.

The best solution for password management was outlined by sdsinc, where you give the user the option to reset their password, email them a temporary link (after verifying their identity, of course) that lets them set a new password, and simply overwrite the hash with the new password.

Another way to do it is to generate a random password, overwrite their current password with the new hash, email that password to them, and tell them to log in and change it to whatever they'd like.
 
•••
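The reset-link flow described in the post above, sketched in PHP as an added example (not code from any poster in this thread). The in-memory arrays, the example.com URL, the 15-minute lifetime and the function names are assumptions, and password_hash() is used here in place of md5() to store the new password.

```php
<?php
// Constructed in-memory stand-ins for the users table and a reset-token table.
$users  = ['alice@example.com' => ['hash' => password_hash('old-password', PASSWORD_DEFAULT)]];
$resets = [];
const RESET_TTL = 900; // assumed link lifetime: 15 minutes

// Step 1: issue a one-time token. Only its SHA-256 digest is stored, so a leaked
// reset table does not hand out working links.
function requestReset(array $users, array &$resets, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null; // caller shows the same "check your inbox" page either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $resets[$email] = ['token_hash' => hash('sha256', $token), 'expires' => $now + RESET_TTL];
    return 'https://example.com/reset?email=' . urlencode($email) . '&token=' . $token;
}

// Step 2: check the token, overwrite the stored password hash, burn the token.
function completeReset(array &$users, array &$resets, string $email, string $token, string $newPassword, int $now): bool
{
    $row = $resets[$email] ?? null;
    if ($row === null || $now > $row['expires']) {
        unset($resets[$email]); // expired links are discarded
        return false;
    }
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison failed
    }
    $users[$email]['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    unset($resets[$email]); // single use
    return true;
}

// Constructed walk-through: the link would be emailed, here it is parsed directly.
$now  = time();
$link = requestReset($users, $resets, 'alice@example.com', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);

var_dump(completeReset($users, $resets, $q['email'], 'wrong-token', 'n3w-passphrase', $now)); // wrong token
var_dump(completeReset($users, $resets, $q['email'], $q['token'], 'n3w-passphrase', $now));  // genuine link
var_dump(completeReset($users, $resets, $q['email'], $q['token'], 'n3w-passphrase', $now));  // replayed link
var_dump(password_verify('n3w-passphrase', $users['alice@example.com']['hash']));            // new login
```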
Thank you guys, both solutions sound great :)
 
•••
Even NASA cannot decrypt MD5
 
•••
Well brute force actually works well with weak/short passwords.
 
•••
Look up rainbow tables, but even with those it's a pain to decrypt.
 
•••
Imagine you have three people standing in a line. Call them person A, B and C. Person A trusts Person C to keep his data safe, but doesn't trust Person B. So, Person A transforms (encrypts) his data, then tells Person B the encrypted gibberish, who then passes it along to Person C.

Now, let's say Person A wants to prove to Person C that he/she is actually Person A. Person A still doesn't trust Person B, so he has to pass the data after transforming it. Person B sends that along to Person C.

Now, think of A, B and C as the user, Internet and web site, respectively (there's a little bit of discrepancy because the *server* usually does the encryption, but I digress...). At no point does anyone but the user know or store his *actual* password, only a transformed version.

In theory, as with all encryption and transformation, with enough time, one could "reverse" anything. It's just a matter of trying all of the possible combinations, like picking a combination lock (one of the good ones that don't stick when you hit the right number.) However, naturally, this takes time--especially with something like MD5, where the parameters can be any character that a computer can parse in a string.

So yeah. The short answer is that you can't. The best practice in this situation is to make a new password (randomly, for the love of all things...) for the user, hash it, and send them the new password, or a link which will then give them a one-time login, after which they must change the password.
 
•••
Thanks everyone,

That's what I've done; I generate a new password and email it to the user :)
 
•••
You could use rainbow tables to do it quickly, but it would be very difficult to implement with PHP.
 
•••
You seem to have it covered, but just wanted to mention another possibility too. There are numerous md5 reverse lookups available on the net now. One like:

Reverse MD5 hash lookup

Google for: "reverse md5"
 
•••
You could use rainbow tables to do it quickly, but it would be very difficult to implement with PHP.

Rainbow tables are just pre-computed hashes; in order to find, say "thisismypassword" from its MD5 hash, you'd have to have a rainbow table with "thisismypassword" already hashed. That's why security analysts say to never use things like dictionary words as your password; rainbow tables are heavily based on the dictionary and other common words/phrases.

Brujah said:
You seem to have it covered, but just wanted to mention another possibility too. There are numerous md5 reverse lookups available on the net now. One like:

Reverse MD5 hash lookup

Google for: "reverse md5"
Same thing. Those "reverse md5" sites are merely using rainbow tables to search through what you plug in.

Actually, if you look at how they work, if it can't find something in the rainbow table the first time, it'll compute the MD5 hash and add it to the table, so the second time you search for, say, "nobody_could_guess_this_12093810293," it'll be there.
 
•••
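Why the lookup sites discussed above succeed against bare md5() and what defeats them, as an added PHP example that is not from the thread. It uses a plain precomputed lookup table (simpler than a true rainbow table) built from a constructed four-word list; the user names and passwords are made up, and password_hash() is introduced here as the salted alternative.

```php
<?php
// Constructed wordlist standing in for the precomputed table a lookup site keeps.
$wordlist = ['password', 'letmein', 'dragon', 'thisismypassword'];
$table = [];
foreach ($wordlist as $word) {
    $table[md5($word)] = $word; // digest => plaintext, computed once and reused
}

// Returns the plaintext if the digest was precomputed, otherwise null.
function lookup(array $table, string $digest): ?string
{
    return $table[strtolower($digest)] ?? null;
}

// Constructed password column: two users share a dictionary password,
// the third has a random 128-bit value that no wordlist contains.
$md5Column = [
    'ann' => md5('letmein'),
    'bob' => md5('letmein'),
    'cy'  => md5(bin2hex(random_bytes(16))),
];
foreach ($md5Column as $user => $digest) {
    printf("%-3s %s => %s\n", $user, $digest, lookup($table, $digest) ?? '(not in table)');
}

// The same shared password stored with password_hash(): each call draws a
// fresh random salt, so a table keyed on md5(word) has nothing to match.
$salted = [
    'ann' => password_hash('letmein', PASSWORD_DEFAULT),
    'bob' => password_hash('letmein', PASSWORD_DEFAULT),
];
var_dump($salted['ann'] === $salted['bob']);       // do equal passwords share a stored value?
var_dump(lookup($table, $salted['ann']));          // is the stored value in the precomputed table?
var_dump(password_verify('letmein', $salted['bob'])); // does a normal login still verify?
```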
Right, so rather than build your own you could use an API from one of these reverse md5 sites, assuming a large percentage of your members' passwords will be there, and then force a new password for those that aren't. That's the general idea I had in mind at first anyway.
 
•••
Eh, in my opinion that's a security risk. I don't believe that a user's password should ever be sent or exposed in plain text, for obvious reasons.
 
•••
Agreed, that's a terrible idea in terms of security. I get mad whenever I sign up for a website and it sends me my password in plain text. Why do so many sites do this?
 
•••