Question

I'm using md5 to encrypt the user's password in my database, and I want them to get their password back when they forget it, by sending them an email. The problem is I don't know how to write PHP code to recover it.

Any answer or appropriate link would be very much appreciated. Thanks.

Solution

This cannot be done.¹

MD5 is a hashing function and not an encryption function. It is a one-way process and not reversible.

¹ Actually, there are many such passwords (inputs) which will result in the same MD5 value when hashed, but it's "hard" to find just one and [generally] impossible to find the original one. This is what "cracking" a password does - it finds one such input that, when hashed, results in the particular output. (And I will provide no more help down this road.)

OTHER TIPS

As mentioned, MD5, like all hash functions, shouldn't be reversed. It also can be done because many strings can be hashed to the same string, and when reversed you can get a different string.

If you're lucky you can find your hash in rainbow tables: http://www.md5rainbow.com/ but it may not give you your original string, although it doesn't matter because in your login you probably compare the hashed strings.

What you probably want to do is 'reset your password' instead of sending the original password.

MD5 is a hash function; you should never try to recover the hashed password. The common practice would be to erase the hashed password and force them to set a new password from a link in the email. Passing hashed passwords, then trying to reverse hash them, is a serious security hole.

Theoretically, in most cases your user would prefer you to send them a special link that will reset their password after some checks. You should not send plain text passwords in mails, nor should you let your user know that you have an unhashed version of their password available within your system.

Rainbow tables may be of some interest to you.
It is not possible to recover the original password from the hash, but using rainbow tables it may be possible to find some string that will produce the same hash as you need.
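
The reset-link approach recommended in the answers above, sketched in PHP as an added example (not code from any of the posters). The function names, the in-memory arrays standing in for database tables, the 15-minute lifetime and the example.com URL are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-ins for the users and password_resets tables.
$users  = ['alice@example.com' => ['hash' => password_hash('old-password', PASSWORD_DEFAULT)]];
$resets = [];

/** Create a single-use token; only its SHA-256 digest is stored server-side. */
function requestReset(array $users, array &$resets, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null; // caller shows the same "check your inbox" message either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $resets[$email] = ['digest' => hash('sha256', $token), 'expires' => $now + 900];
    return $token; // goes into the emailed link, never into the database
}

/** Validate the token from the link, then replace the stored password hash. */
function completeReset(array &$users, array &$resets, string $email,
                       string $token, string $newPassword, int $now): bool
{
    $row = $resets[$email] ?? null;
    if ($row === null || $now > $row['expires']) {
        unset($resets[$email]); // drop expired requests
        return false;
    }
    if (!hash_equals($row['digest'], hash('sha256', $token))) {
        return false; // constant-time comparison failed
    }
    unset($resets[$email]); // single use
    // password_hash() salts and stretches; it replaces the bare md5() value
    $users[$email]['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

$now   = time();
$token = requestReset($users, $resets, 'alice@example.com', $now);
echo "Link: https://example.com/reset.php?email=alice%40example.com&token=$token\n";

// Wrong token, correct token, replayed token, then a login check with the new password.
var_dump(completeReset($users, $resets, 'alice@example.com', 'wrong', 'x', $now));
var_dump(completeReset($users, $resets, 'alice@example.com', $token, 'new-password', $now + 60));
var_dump(completeReset($users, $resets, 'alice@example.com', $token, 'again', $now + 61));
var_dump(password_verify('new-password', $users['alice@example.com']['hash']));
```

The old password is never read or sent: the email carries only a random token, and a copy of the reset table reveals only token digests.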

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow