Md5 encrypted passwords

SpaceshipSpaceship
SpaceshipSpaceship
SpaceshipSpaceship
Watch

klavixs

Account Closed
Impact
6
Warning to novices in php this is a pretty advanced script and should be used by a person who is very knowledge in php if you insist on useing it on a novice stage it's at your own risk.

This scrypt checks a user inputed password and then encrypts it and checks the db's version of the md5 enc to see it is correct
PHP:
//str is the inputed password the user gave
Function Encpass($str)

{

//this now encrypts the inputed password
md5($str);

//this checks the encrypted version of the inputed password
//to the databases stored version to see if it's correct
//change usrpass to whatever variable you use for the retrieved pass from db your checking
if (md5($str) == $usrpass)
 
 {
  //in your script check, if Cvalue equals 2 and it's a correct pass
  $Cvalue = "2";
 
  }
 
  else
  {
  //but if its a 1 it's incorrect password
  $Cvalue = "1";
  }

}
//you should next check Cvalue to make sure it equals 2
//if you use this and like it a link to my website is appreciated but not required
// my website is http://onfiretechnologies.com and it's an arcade of flash games 
// and has lots of cheat codes so use what ever relateing text you wish

this next part is for user registration

PHP:
//this part is for user registration to encrypt password in md5
//stpass is the inputed password to encrypt
Function CMd5Pass($stpass)
{
//npass is the new encrypted version of the orignal inputed pass
$Npass = md5($stpass)
}

//now to enter it in db. save the Npass variable to the db for password
//if you use this and like it a link to my website is appreciated but not required
// my website is http://onfiretechnologies.com and it's an arcade of flash games 
// and has lots of cheat codes so use what ever relateing text you wish
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
AfternicAfternic
Good method there...very secure :)

Heres another one...pretty much uncrackable (well...unless you can figure out a way to decode over 11 characters at a time)

PHP:
$hash=md5(sh1(str_rot13(md5(md5(md5($password.md5(sh1($password.$salt))))))));

If you can crack that then you are very desperate :P
 
0
•••
Richy said:
lmao, i have a 15 digit hash, md5database.net decrypts it straight away :S.

but if i use md5 then md5 and salt over that, it cant... that is much stronger. (type of hash ipb uses etc)
MD5 cannot be decrypted. The site you mentioned just has a list of some MD5 values with the respective data, on which it performs a lookup, this can be achieved with each hash method.
 
0
•••
neroux said:
MD5 cannot be decrypted. The site you mentioned just has a list of some MD5 values with the respective data, on which it performs a lookup, this can be achieved with each hash method.

Actualy MD5 CAN be decrypted...and pretty easily at that.
 
0
•••
MD5 CANNOT be decrypted, as it's not encryption in the first place!

Yes, finding a string of some sort that hashes to the same value as the string we want is relatively simple, but that is not decryption.
 
0
•••
Call it what you like...the fact is you can turn an MD5 string back to its origional state. End of story.
 
0
•••
if it is so easily decryptable then could someone please decrypt this hash please:
4C7C835D244453B9A29D397E5CD973FD
If it was so easily decryptable then it would be the ultimate in compression, as a hash can be taken of files, so imagine turning a 4 gig movie into a 32 byte string?
 
0
•••
rmwebs: no offence, but you can't. lee101 is right. Even if you can reverse an MD5 hash to a value, you don't know for sure that that is the original string. I'll be the first to admit that I haven't been keeping up with reversing MD5 hashes but I know for a fact that what you end up with is not guaranteed to be the same as the original starting string. All references to breaking MD5 that I have seen are about finding strings that have the same hash as the original.

Now I know that this doesn't make any real difference to hashed passwords (as if the code is just comparing the hash of one string to that of another, you need the hashes to match only) but it is important that everyone in the discussion understand exactly what's being discussed.
 
0
•••
rmwebs said:
Actualy MD5 CAN be decrypted...and pretty easily at that.
Well, if its that easy please tell me the original data of the following hash and I pay you US$20

6d099b839e50c2e6138789b360aecdd0
 
0
•••
MD5 is a hash so it can by definition not be decrypted. MD5 can be attacked however, but most of that is avoidable by adding salt or MD4-ing the hash itself.
 
0
•••
rmwebs said:
Call it what you like...the fact is you can turn an MD5 string back to its origional state. End of story.
original*

Anyway, there is no way to decrypt or turn an MD5 string back to it's original state. You can only brute-force it. The act of brute forcing is basically just taking a bunch of guesses until you find a match.

Of course, people have generated lists of common passwords and their hashes as well as rainbow, which will help discover simple passwords using basic character sets, but is easily defeated by salting and multi-layer hashing.

There is no possible way to just 'decrypt', 'decode', 'revert', 'reverse', or (call it what you like) a hash string. End of story.


...

Back on topic, what makes this such an advanced script? lol. It doesn't actually do anything.
 
Last edited:
0
•••
i know this is off topic, but, imagine in the future when processors are millions times better than they are now, by using something similar to a md5 hash, and if computers were quick enough use a brute force attack to decode it, then in say a few seconds you could get virtually all the possible results, you choose the one you want and thenit is decoded into the original file, thus removing the need for larger and larger hard drives, and even high speed internet, by just using a hell of a lot of hashes, obviously htere are probably flaws in that, but it was just a thought i had
 
0
•••
Jim_ said:
original*

Anyway, there is no way to decrypt or turn an MD5 string back to it's original state. You can only brute-force it. The act of brute forcing is basically just taking a bunch of guesses until you find a match.

Of course, people have generated lists of common passwords and their hashes as well as rainbow, which will help discover simple passwords using basic character sets, but is easily defeated by salting and multi-layer hashing.

There is no possible way to just 'decrypt', 'decode', 'revert', 'reverse', or (call it what you like) a hash string. End of story.


...

Back on topic, what makes this such an advanced script? lol. It doesn't actually do anything.

You don't know how wrong you are...

I'm not going to argue with you; but it can and has been done...it takes a long time to get the string, but it can be done.
 
0
•••
You can definitely get A string, but you can't prove that it's THE string.
 
0
•••
rmwebs said:
You don't know how wrong you are...

I'm not going to argue with you; but it can and has been done...it takes a long time to get the string, but it can be done.
That's just finding a matching collision. Takes forever and theres no way to prove that the result is the data originally hashed.

You have no idea how rude you come off.
 
1
•••
Given a MD5 string for less then 14 original characters I can decrypt it.

The problem is that my PC is not supporting the multiples of more then 14 characters. It hangs my PC :(
 
0
•••
rmwebs said:
You don't know how wrong you are...

I'm not going to argue with you; but it can and has been done...it takes a long time to get the string, but it can be done.
As I said, tell me the original data of

6d099b839e50c2e6138789b360aecdd0

and I pay US$ 20.

nick_mayhem said:
Given a MD5 string for less then 14 original characters I can decrypt it.

The problem is that my PC is not supporting the multiples of more then 14 characters. It hangs my PC :(
Its was never said that MD5 is not vulnerable too brute force attacks, but each enryption/hashing method is that.

I will pay you US$5 as well, if you can actually decrypt (which shouldnt be possible with a hash, but maybe we learn something new today) this hash in a reasonable time

8a9e4a2e5c862322789d22f9d4ced72c

Its less then 14 characters and upon a successful "decryption" I will need to know the exact methods and steps you used.
 
0
•••
You can't decrypt md5.. only brute force it.

Make it safer by md5'ing it twice, or maybe adding another encryption method like salt/sha1.

//edit oh and lee101 the string you provided isn't even an md5.
 
Last edited:
0
•••
Firstly, theres no way in a million years i would share how to do it...if more people know how to do it, more people loose passwords to script kiddies.

Secondly, I am not going to do this...why?

Well firstly I don't like being spoken to like something that came out of your rear end.
Secondly it would take around 2 days as the script is VERY slow (as nick_mayhem has already stated).
And finally, i don't need to prove myself to some ignorant person who wont accept reality...remember when MD4 was cracked...

There are several sites on the internet with teams of people who have been cracking MD5. Some of them are using their own cracking software, some of them use a widely available tool to do it...if you are smart enough you can probably find this tool using Google.

Edit: Oh, and another thing...the US government used SH-1 until recently...if you read into WHY they switched it was because not just MD5, but SH1 has also been compromised ;)
 
Last edited:
0
•••
rmwebs said:
Firstly, theres no way in a million years i would share how to do it...if more people know how to do it, more people loose passwords to script kiddies.

Secondly, I am not going to do this...why?

Well firstly I don't like being spoken to like something that came out of your rear end.
Secondly it would take around 2 days as the script is VERY slow (as nick_mayhem has already stated).
And finally, i don't need to prove myself to some ignorant person who wont accept reality...remember when MD4 was cracked...

There are several sites on the internet with teams of people who have been cracking MD5. Some of them are using their own cracking software, some of them use a widely available tool to do it...if you are smart enough you can probably find this tool using Google.

That sounds like you're brute forcing it... which means going through each possible combination to see if that's the string. This isn't the same as decrypting. If this is wrong, please, tell me.
 
0
•••
Nope, not brute forcing (although that is much easier than reversing it).
 
0
•••
Dynadot — .com TransferDynadot — .com Transfer
Truehost — .com domains from $4.99, hosting includedTruehost — .com domains from $4.99, hosting included

We're social

Escrow.com
Spaceship
Domain Recover
CryptoExchange.com
Catchy
DomDB
NameFit
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back