Posted by Andy Hassall on 05/27/05 21:08

On Fri, 27 May 2005 15:33:49 GMT, "roger" <pageme@ntlworld.com> wrote:

>When a MySql DB has passwords encrypted using md5() from a php script, is
>there a way of returning the unencrypted data if the site key is known or is
>it only one way encryption.

No. It's a hashing algorithm, not encryption - information is lost when
hashing, so it is completely impossible to get back to the original.

The closest you can ever get is to find a piece of data that produces the same
hash - but there are an infinite number of pieces of data that produce the same
MD5 hash (due to the pigeonhole principle), and MD5 is specifically designed to
make it very hard to find any of them for a particular hash. Longer and more
cryptographically secure hashes like SHA1 make it even harder, but even MD5
would require obscene amounts of computing power to find a plaintext for a
given hash.

--
Andy Hassall / <andy@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool

[Back to original message]