Hello,
I want decrypt a password which is encrypted by MD5.
there are 4 functions which i am using :
# Encrypts some data with the salt.
def self.encrypt(password, salt)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
# Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password, salt)
end
def authenticated?(password)
crypted_password = encrypt(password)
end
def encrypt_password
self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#
{login}--") if new_record?
self.crypted_password = encrypt(password)
end
please do tell me...
On 09 Nov 2009, at 11:43, madhuri godade wrote:> I want decrypt a password which is encrypted by MD5.MD5 is a hash algorithm, which means it''s a one-way encryption. You have no way of decrypting the hash to the original password. And since you are using a salt, even the rainbow tables hackers use will be pretty useless. If your app isn''t in production yet, you could consider a decryptable algorithm, like the ones you can find in Sentry: http://sentry.rubyforge.org/ Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Nov 9, 10:54 am, Peter De Berdt <peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org> wrote:> On 09 Nov 2009, at 11:43, madhuri godade wrote: > > > I want decrypt a password which is encrypted by MD5. > > MD5 is a hash algorithm, which means it''s a one-way encryption. You > have no way of decrypting the hash to the original password. And since > you are using a salt, even the rainbow tables hackers use will be > pretty useless.And at least according to the snippet posted, it''s not MD5 it''s SHA1 (which is harder to brute force) Fred> > If your app isn''t in production yet, you could consider a decryptable > algorithm, like the ones you can find in Sentry:http://sentry.rubyforge.org/ > > Best regards > > Peter De Berdt
On 09 Nov 2009, at 12:46, Frederick Cheung wrote:>>> I want decrypt a password which is encrypted by MD5. >> >> MD5 is a hash algorithm, which means it''s a one-way encryption. You >> have no way of decrypting the hash to the original password. And >> since >> you are using a salt, even the rainbow tables hackers use will be >> pretty useless. > > And at least according to the snippet posted, it''s not MD5 it''s SHA1 > (which is harder to brute force)Indeed, missed out on that, but the conclusion is still the same, digesting is one way, so you can''t decrypt the password in a convenient way. It''s easier just to implement a password reset routine. Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
md5(md5(md5(Password-With-Salt)))=2787551f694768be48c6944a3a1e6b6d -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.