Web Hosting Talk






PDA

View Full Version : MD5 Problem

[UN]Jake
07-17-2003, 09:16 PM
Alright, I have my passwords stored in the database as MD5 but if I want to echo out the password again, I can't.

I know modernbill does this. (Display user passwords after they are encrypted in the database)

Are they using a different encryption system?

Is there a way to decrypt Md5..as far as I know, its only one way hashing.
dreamrae.com
07-17-2003, 10:33 PM
Originally posted by [UN]Jake
Alright, I have my passwords stored in the database as MD5 but if I want to echo out the password again, I can't.

I know modernbill does this. (Display user passwords after they are encrypted in the database)

Are they using a different encryption system?

Is there a way to decrypt Md5..as far as I know, its only one way hashing.

md5 is one way, just say the password in plaintext to a cookie or a var or something wait, thats only if you need to display the password in that current session, why not just use blowfish or something
[UN]Jake
07-18-2003, 12:47 AM
Blowfish?
NyteOwl
07-18-2003, 05:02 PM
Blowfish another encryption algorithm. Very secure, quite fast and, unlike MD5, reversible.
WLHosting
07-18-2003, 05:06 PM
Could you please post where we can get this algorithm please. I am interested in this as well.
[UN]Jake
07-18-2003, 05:46 PM
Yes is it compiled into PHP? Or an extension?
[UN]Jake
07-18-2003, 05:58 PM
I found it...Blow fish is in the Mcrypt library.

Once compiled into php, you should write functions to encrypt and decrypt your text here are some that I found.


//////Encryption Function

function encrypt($data)
{
$key="secretkey";
$cipher = MCRYPT_BLOWFISH;
$mode = MCRYPT_MODE_CFB;
srand(md5($key));
return (string) base64_encode(mcrypt_encrypt($cipher, substr(md5($key), 0, mcrypt_get_key_size($cipher, $mode)),
$data, $mode, mcrypt_create_iv(mcrypt_get_iv_size($cipher, $mode), MCRYPT_RAND)));
}

//////Decryption Function

function decrypt($data)
{
$key="secretkey";
$cipher = MCRYPT_BLOWFISH;
$mode = MCRYPT_MODE_CFB;
srand(md5($key));
return (string) mcrypt_decrypt($cipher, substr(md5($key), 0, mcrypt_get_key_size($cipher, $mode)),
base64_decode($data), $mode, mcrypt_create_iv(mcrypt_get_iv_size($cipher, $mode), MCRYPT_RAND));
}
dreamrae.com
07-18-2003, 09:03 PM
blowfish is my fav :D
innova
07-18-2003, 11:54 PM
Blowfish is secure?

Any 2-way encrytion is secure? Wow this is news to me...

The key must be stored on the server, therefore it would be fairly trivial to recover the key and decrypt the data.

Hope you arent storing CC's this way...