password decryption (Technics)
how to decrypt password? the password on database looks something like this
6fde2bba55f91cf97977c0e3b66ef283
by angelo, Tuesday, March 22, 2011, 05:47 (4782 days ago)
how to decrypt password? the password on database looks something like this
6fde2bba55f91cf97977c0e3b66ef283
by angelo, Tuesday, March 22, 2011, 14:22 (4782 days ago) @ angelo
how to decrypt password in this script?
* generates a random string * * @param int $length * @param string $characters * @return string */ function random_string($length=8,$characters='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { $random_string = ''; $characters_length = strlen($characters); for($i=0;$i<$length;$i++) { $random_string .= $characters[mt_rand(0, $characters_length - 1)]; } return $random_string; } /** * generates password hash * * @param string $pw * @return string */ function generate_pw_hash($pw) { $salt = random_string(10,'0123456789abcdef'); $salted_hash = sha1($pw.$salt); $hash_with_salt = $salted_hash.$salt; return $hash_with_salt; } /** * checks password comparing it with the hash * * @param string $pw * @param string $hash * @return bool */ function is_pw_correct($pw,$hash) { if(strlen($hash)==50) // salted sha1 hash with salt { $salted_hash = substr($hash,0,40); $salt = substr($hash,40,10); if(sha1($pw.$salt)==$salted_hash) return true; else return false; } elseif(strlen($hash)==32) // md5 hash generated in an older version { if($hash == md5($pw)) return true; else return false; } else return false; }
by Micha , Tuesday, March 22, 2011, 14:44 (4782 days ago) @ angelo
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
by angelo, Tuesday, March 22, 2011, 16:36 (4782 days ago) @ Micha
u mean there's no way to view password on database? impossible to create reversal script to see the real password? sorry for my stupid questions..
by Micha , Tuesday, March 22, 2011, 16:42 (4782 days ago) @ angelo
Hi,
u mean there's no way to view password on database?
Yes, there is no way.
Regards Milo
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
by angelo, Tuesday, March 22, 2011, 16:53 (4782 days ago) @ Micha
oh i see tnx sir..but i still have a question
do u know any tricks to edit the script. . so i can see their paassword? if there is does it safe? will it take more time to edit the script?
i dnt know much about php . .thats why i have lots of noob questions ehehe
by Micha , Tuesday, March 22, 2011, 16:59 (4782 days ago) @ angelo
Hi,
do u know any tricks to edit the script. . so i can see their paassword?
No, I didn't.
regards Micha
--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences
by Riba , Thursday, March 24, 2011, 11:14 (4780 days ago) @ angelo
angelo,
As milo said, the hash is a one way street. It would be possible to modify the script to store the passwords unencoded, but it is really against the basics of online security and I would definitely not advise it.
It might help if you explain why you need that or what are you trying to achieve, there is probably a better way to do it.