
HASHES CANNOT BE DECRYPTED, THEY ARE NOT EVEN ENCRYPTED

I've seen a few threads around lately saying stuff like "How do I decrypt MD5?", and the answer is always the same:

You can't


MD5, SHA, etc. are all hash functions. Their output is not encrypted, so it cannot be decrypted. The reason you would use such a thing is so that hackers (in the event they get into your databases) cannot simply decrypt your users' passwords with some simple online tool. Granted, there are some brute-force ways of finding simple passwords hashed with stuff like MD5 (there is even a full website with thousands of hashes and their real values), but that would take forever, and with the use of a salt, impossible. A salt is basically some random letters and numbers added to the front and end of the password.

Now when you want your user to log in, all you have to do is simply salt the password, then hash it with the same formula you used in the registration process. If the two hashes are the same, the password MUST be correct. So you can now let the user in.

But say your user has forgotten their password. If I ever click that button that will help me get a new password, and it sends my actual password to my email address, I leave that service forever. They do not know what they are doing. What they should be doing is hashing my password and storing that in the database. Not encrypting it or, worse, storing it in plain text. As for the password reset function, you should generate a unique value and store that in your user's row. Then send an email with a link to that unique key, and on the password reset page, if they provide a correct key, username, and email, the user must be the actual user. From there all you have to do is ask for a password and store that into the database (with salting and hashing of course).
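The registration, login and reset flow described above, as an added example that is not the author's code. It swaps the single MD5/SHA pass for PBKDF2-HMAC-SHA256 (a salted, deliberately slow hash from Python's standard library). The in-memory `users` dict, the function names, the iteration count, storing only a hash of the reset key, and making the key single-use are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example
users = {}            # constructed in-memory stand-in for the users table


def hash_password(password, salt):
    # One-way and keyless: there is nothing to "decrypt" this with
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(username, email, password):
    salt = secrets.token_bytes(16)  # random per-user salt, stored beside the hash
    users[username] = {"email": email, "salt": salt,
                       "hash": hash_password(password, salt), "reset": None}


def login(username, password):
    row = users.get(username)
    if row is None:
        return False
    # Same salt, same formula as registration; equal hashes mean a correct password
    candidate = hash_password(password, row["salt"])
    return hmac.compare_digest(candidate, row["hash"])  # constant-time comparison


def start_reset(username):
    # Unguessable key for the emailed link; only its SHA-256 goes in the user's row
    key = secrets.token_urlsafe(32)
    users[username]["reset"] = hashlib.sha256(key.encode()).digest()
    return key


def finish_reset(username, email, key, new_password):
    row = users.get(username)
    if row is None or row["reset"] is None or row["email"] != email:
        return False
    supplied = hashlib.sha256(key.encode()).digest()
    if not hmac.compare_digest(supplied, row["reset"]):
        return False
    row["salt"] = secrets.token_bytes(16)  # fresh salt for the new password
    row["hash"] = hash_password(new_password, row["salt"])
    row["reset"] = None  # the key works once
    return True
```

At no point does the service hold anything it could email back as the user's actual password: the row contains only the salt, the hash, and a hash of the reset key.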


JackOfAllTrades

04 April 2011 - 05:25 AM
Hear, hear!