password decryption (Technics)

by angelo, Tuesday, March 22, 2011, 05:47 (4782 days ago)

how to decrypt password? the password on database looks something like this
6fde2bba55f91cf97977c0e3b66ef283

password decryption

by angelo, Tuesday, March 22, 2011, 14:22 (4782 days ago) @ angelo

how to decrypt password in this script?

 * generates a random string
 *
 * @param int $length
 * @param string $characters
 * @return string
 */
function random_string($length=8,$characters='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
 {
  $random_string = '';
  $characters_length = strlen($characters);
  for($i=0;$i<$length;$i++)
   {
    $random_string .= $characters[mt_rand(0, $characters_length - 1)];
   }
  return $random_string;
 }
 
/**
 * generates password hash
 *
 * @param string $pw
 * @return string
 */
function generate_pw_hash($pw)
 {
  $salt = random_string(10,'0123456789abcdef');
  $salted_hash = sha1($pw.$salt);
  $hash_with_salt = $salted_hash.$salt;
  return $hash_with_salt;
 }
 
/**
 * checks password comparing it with the hash
 *
 * @param string $pw
 * @param string $hash
 * @return bool
 */
function is_pw_correct($pw,$hash)
 {
  if(strlen($hash)==50) // salted sha1 hash with salt
   {
    $salted_hash = substr($hash,0,40);
    $salt = substr($hash,40,10);
    if(sha1($pw.$salt)==$salted_hash) return true;
    else return false;
   }
  elseif(strlen($hash)==32) // md5 hash generated in an older version
   {
    if($hash == md5($pw)) return true;
    else return false;
   }
  else return false;
 }
Avatar

password decryption

by Micha ⌂, Tuesday, March 22, 2011, 14:44 (4782 days ago) @ angelo

Hi,

how to decrypt password?

There is no way because it is a hash-function

regards Milo

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

password decryption

by angelo, Tuesday, March 22, 2011, 16:36 (4782 days ago) @ Micha

u mean there's no way to view password on database? impossible to create reversal script to see the real password? sorry for my stupid questions..

Avatar

password decryption

by Micha ⌂, Tuesday, March 22, 2011, 16:42 (4782 days ago) @ angelo

Hi,

u mean there's no way to view password on database?

Yes, there is no way.

Regards Milo

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

password decryption

by angelo, Tuesday, March 22, 2011, 16:53 (4782 days ago) @ Micha

oh i see tnx sir..but i still have a question
do u know any tricks to edit the script. . so i can see their paassword? if there is does it safe? will it take more time to edit the script?
i dnt know much about php . .thats why i have lots of noob questions ehehe :-)

Avatar

password decryption

by Micha ⌂, Tuesday, March 22, 2011, 16:59 (4782 days ago) @ angelo

Hi,

do u know any tricks to edit the script. . so i can see their paassword?

No, I didn't.

regards Micha

--
applied-geodesy.org - OpenSource Least-Squares Adjustment Software for Geodetic Sciences

password decryption

by Riba ⌂, Thursday, March 24, 2011, 11:14 (4780 days ago) @ angelo

angelo,

As milo said, the hash is a one way street. It would be possible to modify the script to store the passwords unencoded, but it is really against the basics of online security and I would definitely not advise it.
It might help if you explain why you need that or what are you trying to achieve, there is probably a better way to do it.

--
Locusto aukcije forum

RSS Feed of thread