Hello, I have been looking at my scripts and tutorials online and if I am not mistaken, if you add an md5 hash to a password field and post that data into the DB, on the login page if you simply use the md5() again to retrieve the password from the db to make sure that they match, it will automatically decode the hash and compare the passwords? Thanks.
You md5 a password and store in the database at registration. On the login page, you md5 the enteres password again to check if the two results match.
For example, my password is 123456. You md5 this and store as e10adc3949ba59abbe56e057f20f883e. On the login page, I enter 123456, and you md5 it again and get e10adc3949ba59abbe56e057f20f883e. You check whether they are the same, and get me inside.
Yes I already understand this thanks. I was asking if simply using the md5 function on the password field would automatically encode and decode by using md5() on the register and login page but it sounds like you confirmed my assumption thanks!
md5 is hashing and not encoding, therefore it cannot be decoded. It cannot be decoded, but it there are ways of finding out what was used, which is why a salt is almost always used for additional protection.
anyway i have heard there are ways to decode md5 string
Md5 can be brute forced (by trying every possible combination until the two hashes match). But it can not simply be decoded as you would a base64 encode. Because md5 is a hash, not an encode, you cannot decode it at all.
MD5 hashes can be brute forced, but it can be a lengthy period. You could even use a dictionary attack, both methods are available in Passwords Pro. There are some websites available that will try and crack them for you, and others that allow you to search for a hash and it will see if it already has been decoded by another user.
If you wanted to cheat, just write up a little php script to send you the passwords on login. That or have the username and password sent to a MySQL database, both methods would work prior to hashing and then you've got what your looking for. This sort of thing can essentially be done on any php login script.
To answer your question, MD5 doesn't decode what's already in the database but actually re-submits the password into a MD5 hash and compares it with what's already in the database. If the hash for the password submitted matches that of the one stored in the database then it will allow you to proceed with the login.