I'm just wondering if it is possible to retrive the password if it is md5'ed (like someone forgot their password and i want to send it to them through email automatically but not md5'ed)
thanks
I'm just wondering if it is possible to retrive the password if it is md5'ed (like someone forgot their password and i want to send it to them through email automatically but not md5'ed)
thanks
No. You cannot reverse md5 encryption as far as I know
MD5 is made so it's not reversible...this to ensure that whenever someone has the hash, it cannot be decrypted. That's the whole idea...it can be bruteforced though.
When someone forgot his password, you encrypt a new password, and send it to the user, which can then change it himself to anything he likes (after he logged in for instance).
It can be done. You just need to crack it with dictionary or random combination's. Dictionary works the best if he has lame password.
i use md5 for my site as well. for forgetting my password, i had them type their email address, which will have an activation link with a $_GET or something. then i had a small form that would change their pw.
without salt its revertable there are big databases out there
http://gdataonline.com/seekhash.php
http://www.xmd5.org/index_en.htm
etc..
but you cant just decode every password that people forgot. besides, rainbow tables are dictionary words that have been encoded anyways. lol.
you can just not md5 them, but it would be a HUGE security flaw. so i support my idea above. =]