To get the password you need

greg — Sun, 21 Mar 2010 23:48:03 +0000

To get the password you need to know the MD5 hash to start looking for it.

Then to find the original (unhashed) password, you either:
- run software that hashes each possible letter/word permutation and checks each result against its hash
- check your hash against an already created database that contains text and the text hashed to find a match

such databases exist (rainbow table), but of course are not in any way exhaustive as there are 50,000 words in the English language, after that letters and numbers (and even other chars as potentials) in permutations are immense.
Which is why so many people now insist on upper/lower case alpha numeric to stop simple passwords that are found in rainbow tables.

So, as getting the hash would mean access to the database, and then a HUGE arduous task to crack it, it's a lot of work.
Importantly, if you have already accessed the DB then the work cracking passwords is likely pointless as you can do more damage or access all data you want, or change passwords etc by having DB access.

So the MD5 is "a secure method with all things considered".

There are other algos like sha, but adding your own in house salting makes it more secure and rainbow tables are very unlikely to have them.
Permutation software will still find them, but as the salt key will be random (i.e. GH65Ji8 etc) it will take a super computer a long time to find.
All not worth people's time unless it's a bank or gov site, and then other security is in place anyway.

So for general purposes, MD5 is pretty much secure enough.

pr0gr4mm3r wrote: Quote:So

ms2134 — Sun, 21 Mar 2010 08:25:00 +0000

pr0gr4mm3r wrote:

Quote:

So what’s the point in decrypting something which you already know the answer to?

It's a means of verification, and there is no decrypting. It's a one-way hash, you you can't decrypt it. All you do is run the provided password through the MD5 algorithm and see if it matches the hash you already know.

Correct! - BUT...
You are not going to know every single MD5 Hash that is within "your database"; so you cannot just verify something; that you "do not know"; thus meaning that to search through "the database" and find a match to a MD5 Hash that you did not know is Decrypting.

>>>>>>>>>>>>>>>>>>>>>>>>>>>> In regards to the security of websites, etc...

MD5 is used within Wordpress; Yes... Which is why MD5 should be considered "no longer" secure... But; it would take a VERY POWER COMPUTER & LOTS OF HDD Space in order to create the databases required to "decrypt" any MD5 Hash.

Regards,
Michael Swan

Greg K wrote:Now your request

ms2134 — Sun, 21 Mar 2010 08:21:03 +0000

Greg K wrote:

Now your request for the password generator makes more sense

-Greg

YARP- To test the theory.

Not to hack into some bank or anything stupid. I had a theory; and i wanted to test it.

Quote:So what’s the point in

pr0gr4mm3r — Fri, 19 Mar 2010 21:15:00 +0000

Quote:

So what’s the point in decrypting something which you already know the answer to?

Yes, you can say that it is not "unique". If you md5 an entire iso image for means of data verification, then yes, there is the chance arranging the bits in a different way such that the same md5 is created, but the probability is ~nil.

Other than that, I'm not really following the article. It seems that you don't quite understand the concept. I'm curious...in the websites you have developed, how do you store users' account passwords?

Now your request for the

Greg K — Fri, 19 Mar 2010 21:12:10 +0000

Now your request for the password generator makes more sense

-Greg