password decryption (Technics)
how to decrypt password? the password on database looks something like this
6fde2bba55f91cf97977c0e3b66ef283
how to decrypt password? the password on database looks something like this
6fde2bba55f91cf97977c0e3b66ef283
how to decrypt password in this script?
* generates a random string * * @param int $length * @param string $characters * @return string */ function random_string($length=8,$characters='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { $random_string = ''; $characters_length = strlen($characters); for($i=0;$i<$length;$i++) { $random_string .= $characters[mt_rand(0, $characters_length - 1)]; } return $random_string; } /** * generates password hash * * @param string $pw * @return string */ function generate_pw_hash($pw) { $salt = random_string(10,'0123456789abcdef'); $salted_hash = sha1($pw.$salt); $hash_with_salt = $salted_hash.$salt; return $hash_with_salt; } /** * checks password comparing it with the hash * * @param string $pw * @param string $hash * @return bool */ function is_pw_correct($pw,$hash) { if(strlen($hash)==50) // salted sha1 hash with salt { $salted_hash = substr($hash,0,40); $salt = substr($hash,40,10); if(sha1($pw.$salt)==$salted_hash) return true; else return false; } elseif(strlen($hash)==32) // md5 hash generated in an older version { if($hash == md5($pw)) return true; else return false; } else return false; }
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
u mean there's no way to view password on database? impossible to create reversal script to see the real password? sorry for my stupid questions..
Hi,
u mean there's no way to view password on database?
Yes, there is no way.
Regards Milo
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
oh i see tnx sir..but i still have a question
do u know any tricks to edit the script. . so i can see their paassword? if there is does it safe? will it take more time to edit the script?
i dnt know much about php . .thats why i have lots of noob questions ehehe
Hi,
do u know any tricks to edit the script. . so i can see their paassword?
No, I didn't.
regards Micha
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
angelo,
As milo said, the hash is a one way street. It would be possible to modify the script to store the passwords unencoded, but it is really against the basics of online security and I would definitely not advise it.
It might help if you explain why you need that or what are you trying to achieve, there is probably a better way to do it.