I am using md5 to encrypt the password. then, how to get back the original string if i need it. is there any decryption possible?
In a word: no. If you want it to be reversible, this is the wrong approach. MD5 is a hashing algorithm, not an encryption one. Don't use MD5 for passwords.
Use actual encryption, like AES or Blowfish.
You cannot decrypt one-way hashes like MD5 - The best you can do is brute-force them or run a dictionary through and compare the values for matches.
Related
If I give you the MD5 checksum of a string, can you generate the SHA checksum?
Or Vice Versa?
If I give you an MD5 checksum and a SHA checksum, can you tell me whether they're generated from the same source string?
(Obviously I'm excluding anything like locating the source string from a rainbow table, etc. etc.)
No. Both are one-way hashes, so the information contained in the original source string is lost in the checksum.
Even if you do have the "original" string as you say, there will be some other data out there that when hashed, results in a collision. This is because MD5 and SHA1 are not perfect hash functions. In the case of MD5, each hash can potentially have an infinite number of collisions. Then there is no guarantee that the generated SHA checksum of the "original" string is actually what you seek.
Disclaimer: I have very little experience with the theoretical side, so you may want to verify with other resources.
When softwares such as ecryptfs use AES, it asks for a user password (such as "password123").
The AES algorithm by itself does not call for a user password. So where does the "password123" get thrown into the math?
I'm working to make a C function that encrypts some data using a password. I know the typical way of doing it with OpenSSL and an aes key, but I don't know how to get a user password integrated.
You need to use a key derivation function (KDF). Password-Based Key Derivation Function 2 (PBKDF2) is the current most common approach.
OpenSSL probably exposes PBKDF2, it typically takes in a password and an iteration count (modern systems should use something like 100000 or higher... crank up the number until it takes about 0.3 seconds), and an output length. It may also take a hash function, something in the SHA-2 family (SHA256, SHA384, SHA512) would be a good modern choice.
There is a site called http://www.MD5Decrypter.co.uk where when you give a md5 hash, it gives the original string. How is that possible. As far as I know md5 is an irreversible hash algorithm or is it? Secondly, can salt be used along with md5?
md5 is a hash algorithme so it allows two words to have the same hashcode. I you do not trust me, I can hash a 5-letter word, 10-letter word, 128-letter word with md5 and it will give me 32 characters every time.
The probleme is that md5 is not cryptographicaly secured. One can analyse it and guess what could have been hash. But the technique used by the site you posted is the rainbow table.
It can also be a dictionary, but it is less common with md5.
If you use a salt with your md5, this generator will not find anything until the rainbow table with your salt is filled.
md5 is usefull to sign a file, a cookie, or the name of a cryptography algorithm. It is not secured to store passwords. Some languages advice you to use whirlpool, bloswfish, salsa20 or sha512 instead of md2/5 sha 1/2/256
How can I encode a file using sha256 and c/c++ ???
Thanks!
SHA 256 stands for Secure Hash Algorithm ! It will only produce the hash of a given file . You can't retrieve the original file from a given hash otherwise hash functions are useless.
If you want to do encryption/decryption AES would be a better solution. Everything you need is in OpenSSL.
If you don't know what SHA is for, then you better ask someone who knows this stuff instead of doing it yourself. Even if you use a given library, chances are very high that you will produce snake oil. Security depends on much more than calling some encryption functions.
I want to know if there exists a way to differentiate a md5 hashcode of a sha-1 hashcode?
For example:
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
How could I know which are encrypted in md5 and which are not? Is it possible?
I'm not quite sure if this is what you're asking, but MD5 is 128 bits/32 hex digits, while SHA-1 is 160 bits/40 hex digits, so it's fairly easy to tell the difference between them (providing, of course, that you know that your hashes will be either MD5 or SHA-1 and not something else).
(If you're asking whether you can determine if a given MD5 hash is a hash of a hash or a hash of some other data, then I believe the answer is "no".)
MD5 gives a 128-bit hash value.
SHA-1 gives a 160-bit hash value.