Yii Framework Forum: Decrypt The Encrypt Password In Db - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Decrypt The Encrypt Password In Db Rate Topic: -----

#1 User is offline   roadrunner 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 74
  • Joined: 21-June 12

Posted 30 January 2013 - 05:11 AM

Hi can we decrypt the encrypted password from db?
0

#2 User is offline   KonApaz 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,311
  • Joined: 21-February 11
  • Location:Greece

Posted 30 January 2013 - 05:19 AM

Hi my friend

What kind of data you want to decrypt? which method you using ? MD5, SHA or anything else?
Yii is the best php framework in the world!
find our demo Yii extension on www.webkit.gr
Is it post useful? please v++ ;)
0

#3 User is offline   softark 

  • Keep It Simple
  • Yii
  • Group: Moderators
  • Posts: 2,045
  • Joined: 16-February 11
  • Location:Japan

Posted 30 January 2013 - 05:51 AM

Hi roadrunner,

Well, what do you really want to do?

Usually we use some one way encryption (i.e. hashing) for password. And we won't try to decrypt it because there's no need to do it.

We store the hash of the password in db. And when a user has posted a password trying to login, then we will compare the stored hash and the hash created on-the-fly from the user input password.
0

#4 User is offline   developer! 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 110
  • Joined: 28-November 12

Posted 30 January 2013 - 09:56 AM

are you trying to decrypt it for a manual check for yourself or you are implementing in your app??

if it is md5 encrypted and stored in db. you perform a check/authenticate this way:
md5($this->password))

public function authenticate()
	{
		if(!($user=User::model()->findByAttributes(array('email'=>$this->username))))
			$this->errorCode=self::ERROR_USERNAME_INVALID;
		elseif($user->password!==md5($this->password))
		$this->errorCode=self::ERROR_PASSWORD_INVALID;
		elseif($user->status==User::INACTIVE)
		$this->errorCode=self::ERROR_USER_INACTIVE;
		else
		{   
	          
            $this->errorCode=self::ERROR_NONE;
			
		}
		return !$this->errorCode;
	}



Thanks,
0

#5 User is offline   roadrunner 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 74
  • Joined: 21-June 12

Posted 30 January 2013 - 10:27 PM

I use MD5 to encrypt and I want that only i can see their password, or any better idea to retrieve their password if they forgot?
0

#6 User is offline   Emily Dickinson 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 201
  • Joined: 17-September 10
  • Location:Albuquerque, NM

Posted 31 January 2013 - 12:54 AM

Avoid two-way encryption whenever possible. Store password with one-way encryption. If user forgets her password, email her a link which allows her to set the password to a new value. Safer that way.
0

#7 User is offline   softark 

  • Keep It Simple
  • Yii
  • Group: Moderators
  • Posts: 2,045
  • Joined: 16-February 11
  • Location:Japan

Posted 31 January 2013 - 03:38 AM

It's far much safer ALSO FOR YOU when you do not have the means to get back the user's raw password from the encrypted one. If you could get back the raw password from the encrypted one, you would be in a very bad situation for your self. You won't be able to say "I'm not the one that stole your password" to someone who got cracked his/her password.
0

#8 User is offline   mirunho 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 170
  • Joined: 19-December 12
  • Location:Gdansk, Poland

Posted 31 January 2013 - 04:19 AM

Anyway there are many sites to decrypt md5(especially if it's short password) , md5 it's not safe, so if You need your app to be safer use some other way to encrypt your password.
0

#9 User is offline   developer! 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 110
  • Joined: 28-November 12

Posted 31 January 2013 - 06:16 AM

View Postroadrunner, on 30 January 2013 - 10:27 PM, said:

I use MD5 to encrypt and I want that only i can see their password, or any better idea to retrieve their password if they forgot?



for your requirement you can follow this link to decrypt your password. it is decoder for your md5 hash.
there are many site does this job for you.
0

#10 User is offline   Emily Dickinson 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 201
  • Joined: 17-September 10
  • Location:Albuquerque, NM

Posted 31 January 2013 - 12:11 PM

If having the user password *really* is critical, and you're willing to take that security risk, you can use this little class to encrypt/decrypt passwords.

// Usage:
// $password = 'reallydifficultpassword';
// $encryptedStr = Encryptor::aesEncrypt($password);
// 
// $decryptedStr = Encryptor::aesEncrypt($encryptedStr);

class Encryptor {

 const KEY = 'Some.Very.Difficult.Key';

    /**
     * Ensure that this class acts like an enum and that it cannot be instantiated
     */
    private function __construct() {

    }

    /**
     * @return string - AES-decrypted $val, using either key passed in, or local key if no key given.
     * Compatible with mysql's aes_decrypt.
     * Found this at : http://us.php.net/mcrypt, and modified.
     * @param $val - string - The string to be encrypted.
     * @param $key - string - The key to use for decryption. If none specified, use the local key.
     */
    public static function aesDecrypt($val, $key=null) {
        if ($key == null)
            $key = self::KEY;
        $mode = MCRYPT_MODE_ECB;
        $enc = MCRYPT_RIJNDAEL_128;
        $dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv(@mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
        return rtrim($dec, ( ( ord(substr($dec, strlen($dec) - 1, 1)) >= 0 and ord(substr($dec, strlen($dec) - 1, 1)) <= 16 ) ? chr(ord(substr($dec, strlen($dec) - 1, 1))) : null));
    }

    /**
     * @return string - Reversible, AES-encrypted $val, using either key passed in, or local key if no key given.
     * Compatible with mysql's aes_encrypt.
     * @param $key - string - The key to use for decryption. If none specified, use the local key.
     * Found this at : http://us.php.net/mcrypt, and modified.
     */
    public static function aesEncrypt($val, $key=null) {
        if ($key == null)
            $key = self::KEY;
        $mode = MCRYPT_MODE_ECB;
        $enc = MCRYPT_RIJNDAEL_128;
        $val = str_pad($val, (16 * (floor(strlen($val) / 16) + (strlen($val) % 16 == 0 ? 2 : 1))), chr(16 - (strlen($val) % 16)));
        return @mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv(mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
    }
}

:mellow:
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users