Full Stack Web Development Internship Program
- 29k Enrolled Learners
- Weekend/Weekday
- Live Class
One of the most important parts of a website is the authentication system and it is commonplace for developers to commit mistakes leaving out vulnerabilities for others to exploit. Since PHP is a server-side scripting language, it is responsible for all the back-end functionalities required by the website. In this article, we will learn how to decrypt md5 password in PHP in the following sequence:
One basic example could be storing and using user passwords in its true form, in this situation an unauthorized person might get access to the database and the whole system is compromised. To prevent this situation password hashing is used. Password hashing can be defined as a method that takes the user password or string and encrypts it into a fixed-length password, PHP has a few functions to achieve the same like md5(), sha1(), hash().
MD5 hashing algorithm generates a 32 characters string (hexadecimal) for any word or phrase we give in the input. We can even encrypt an entire file into an MD5 hash. The algorithm can also be used for digital signature applications, where a large file is compressed in a secure manner and then encrypted with the help of a private key.
To calculate the MD5 hash of a string PHP has a pre-defined function md5(). The md5() function calculates the MD5 hash of a string input and returns the hash hexadecimal number. The md5() function uses the MD5 Message-Digest Algorithm.
md5(string,raw)
Parameter | Description |
string | Mandatory. It is the input string that needs to be calculated |
raw | Optional. Specifies binary or hex output format:
|
Return Type:
md5() returns hash as a 32-character hexadecimal number.
The MD5 cryptographic algorithm is not reversible i.e. We cannot decrypt a hash value created by the MD5 to get the input back to its original value. So there is no way to decrypt an MD5 password. But, we can use something like brute force hacking, which is extremely resource-intensive, not practical, and unethical. Thus, if someone is entering the correct password, we need to find the hash value of whatever the user entered, and see if it matches what we have in our database thus it is time and resource-intensive job to perform.
It is possible to guess what the original password is by looking in dictionaries of MD5 hashes of many known words, these dictionaries can be useful to tell a user that the password that he has chosen may be easily discovered thus we can ask the user to build a more strong password.
<?php $string = " PHP with Edureka"; echo "Your string is:".$string; echo "<br>"; echo "Hex formed by md5 function is ".md5($string); ?>
Output:
<?php $string = ' PHP with Edureka'; if (md5($string) =='9a1359e7be2d2670780b85471675dc72'){ echo "PHP with Edureka is Fun"; } else { echo"look for the error"; } ?>
Output:
In the above example, we check if the hash value of variable $string is equal to 9a1359e7be2d2670780b85471675dc72 the program prints out “PHP with Edureka is Fun” else it prints “look for the error”
<?php $string = " PHP with Edureka"; echo "Your string is: ".$string."<br>"; echo "Setting raw input to TRUE getting 16 character binary: ".md5($string, TRUE)."<br>"; echo "default raw input set to FALSE giving 32 charater hex number: ".md5($string)."<br>"; ?>
Output:
In the above example, we look at the application of the raw parameter in the md5() function. If we set it to TRUE it gives a 16 character binary output else it simply gives 32 characters hex number.
<?php $password= "pass123"; if (isset($_POST['password']) && !empty($_POST['password'])) { $new_password=$_POST['password']; if(md5($new_password)==md5($password)) { echo "<br> Correct password "; } else{ echo "<br> Incorrect password "; } } ?> <form action="md5.php" method="post"> <input type="text" name="password"> <br> <input type="submit" > </form>
Output:
The above code gives an output of an HTML form with a text block and a submit button if we enter the correct password it prints “Correct password” else it prints “Incorrect password”.
When we type in the wrong password for example here it checks for the hash of “pass” input with the hash of “pass123” the correct password if it does not match it gives out as follows
It prints out “Incorrect password”
If we type in the right password (i.e “pass123”) the hash of the input matches with the hash of the correct password and it gives the following output
It prints out “Correct password”
Now with this, we have come to the end of the PHP Tutorial. I hope you guys enjoyed this article and understood the concepts of decryption. So, with the end of this PHP Tutorial, you are no longer a newbie to the scripting language.
If you found this PHP Tutorial blog relevant, check out the PHP Certification Training by Edureka, a trusted online learning company with a network of more than 250,000 satisfied learners spread across the globe.
Got a question for us? Please mention it in the comments section of ”How to decrypt md5 password in PHP?” and I will get back to you.
edureka.co