 |
|||
PHP
IT Tags
indexing solr photo gallery check domain UPDATE objects XHTML Simplexml Parser local server SimpleXML Stop Script magento ecommerce sdf Combo box Overlapping Layers Solr XML php mail connection to MYSQL Mobile site mysql server associative arrays Xampp ajax my_thread_global_end server shutdown Remove Duplicate include PHP and FLash multiple file uplo control panel local server |
md5 five encrytion and decrytion
By: rekha singh | 15 Jun 2010 5:25 pm
Hi to all,
I need some help on how can I decrypt the password in my MySQL database so I can use it for checking the user if they put there username and password?
Please help.
Thanks,
CommentsYou can't decrypt an MD5 hash. That is, there is no way to reverse the algorithm. What you need to do is encrypt the password the user submits at the time of logging in to the encrypted password stored in the database. The concept of a hash is that the same string run through a given hashing algorithm will result in the same encrypted string each time. This allows you to store passwords and possibly other sensitive data in a database or file in an encrypted form. If the file or database is compromised (if a cracker gets in), the data is useless to the individual who gained unwanted access. Unfortunately, there are databases available that contain the results of MD5 hashes on common password strings. I recommend using a SHA1 hash, and you might consider adding some add-on strings before encryption to make it more difficult for crackers. If you do use add-on strings, you must add the strings to both the password stored and the one submitted by the user at log-in before you hash them.
Please, be aware that even though you store the password strings the user sends at log-in in an encrypted form, it is possible to intercept password strings during transport from the user to your server. Intercepted strings are not encrypted, and thus can be used by cracker. If your data is very sensitive or has a high monetary value, I would strongly advise you implement SSL.
While I am giving advice, I might also suggest you validate and sanitize any password data sent to you by any user. Any publicly available forms are an opportunity to attempt MySQL injection attacks. Make sure the number of characters allowed is matched and that characters are of the proper type (integers, alpha characters, etc.).
I hope this helps.
By: rekha singh | 17 Jun 2010
|
