Password text to mysql format converter plz help

[rcep]

Hello
Please I just want to know a way to convert passwords from normal text format to passwords (like in smf MYSQL DB) such as b5e8f7212e5f091e288e1a45e1180dca
I USED to have software that converts passwords these formats
Please can you tell me about a freeware that does this job.

Thanks!

 

[Hitch]

For MD5.

<?php

$password = "example";

$md5_pass = md5($password);

?>

For Salt + MD5 (Recommended)

<?php

$password = "example";

$salt = 's+(_a*';
$salt_pass = md5($password.$salt);

?>

Adrian

 

[rcep]

thx hitch but is there is a program which seams easier
( i got lots of passwords to be converted i need a faster method with less editing)

 

[hexlo]

Can't you just do that and add a couple of text boxes, could easily be done..?

 

[rcep]

Couple ???
i have to convert for 800 passwords same as there usernames
is there is an mysql code like this

 

[Kate]

Yes there is a mysql function for your purpose: MD5().

If you want to update the password field in your table do this:

UPDATE [I][table][/I] set [I][password_field][/I] = MD5([I][password_field][/I])

Perhaps it would be good to create a temporary field in the table first, and update that field only to check everything is OK. If you overwrite the passwords there is no way to recover them, except by brute force

 

[rcep]

aha thx that helped

but 1 more question
what is md5()
i passed by it a lot before

 

[Kate]

MD5 is a function that will create a non-reversible hash of a password (or any string).
See http://en.wikipedia.org/wiki/MD5

 

[Hitch]

Although, MD5 is often "cracked/decoded".

Using Salt and MD5 would be a much, better choice. :tu:

 

[Matthew.]

Although, MD5 is often "cracked/decoded".

Using Salt and MD5 would be a much, better choice. :tu:

Agreed, although MD5 can't technically be decoded (as it is technically never encoded) it can be brute forced and large hash dictionaries are ever increasingly available.

As Hitch says, always SALT your hashes

Matt

 

[tm]

Or encode them twice, or use a different encoding system on top of md5 (eg sha1(md5())).

 

[Kate]

Or encode them twice, or use a different encoding system on top of md5 (eg sha1(md5())).

This will not add security at all. It might even increase the risk of collision in certain cases. But sha1 is newer and considered more secure.

 

[tm]

This will not add security at all. It might even increase the risk of collision in certain cases. But sha1 is newer and considered more secure.

How is that so? Surely if the only way to crack a md5 is to brute force, it'll take longer and therefore is more secure.

 

[Matthew.]

You should not confuse how easy it is to crack something with how long it takes to do so...if it takes longer, it's not more secure.

 

[RegisterRants]

It all depends on how you define the term, and what you attribute to it

Anyways, md5 IS less secure than most make it out to be; rainbow tables et. al. ruined it. However, the same exists for SHA1 and any other encryption engine.

There is always a solution to the problem, likewise with encryption.

 

[rcep]

what if i want to do it the other way round from the long password to the short normal text password

 

[lee101]

you can't do that with MD5, also bear in mind that if you encrypt all the passwords, it is likely that all the scripts which access the database will need to be change to take into account the encryption.
The only PHP function I know which can be decrypted is base64_encde('String') and base64_decode('String') although this probably isn't that much securer than plain text