MySQL ENCRYPT password, but how DECRYPT?

Question

MySQL ENCRYPT password, but how DECRYPT?

I am reviewing this tutorial and I am using the MySQL ENCRYPT function.

http://www.pixelinx.com/2010/10/creating-a-mail-server-on-ubuntu-using-postfix-courier-ssltls-spamassassin-clamav-and-amavis/

But now I have a problem decrypting an encrypted password in MySQL or php? I want to compare if the entered password matches the encrypted one.

How can I compare it? MySQL must be encrypted using the ENCRYPT function!

I am looking, but I can not find anything, how to decrypt MySQL ENCRYPT function ...

+1

php mysql

senzacionale May 10, '13 at 15:39

source share

3 answers

hek2mgl · Answer 1 · 2013-05-10T15:42:05+0000

ENCRYPT uses a one-way hash algorithm, DECRYPT does not exist .. What is the meaning of password encryption: a hacker should not be able to see transparent text passwords.

If you need to compare the password in db with the user entered, use such a request (using prepared requests)

 SELECT * FROM `user` WHERE `name` = 'hek2mgl` AND `password` = ENCRYPT('user_input', `password`)

The ENCRYPT function will output a "salt" string with the prefix of the salt itself, so when you feed back the encrypted password will re-submit the original salt.

Richiehindle · Answer 2 · 2013-05-10T15:41:54+0000

You cannot decrypt the password - it is encrypted with one-way encryption.

What you need to do is to encrypt the entered password and compare the result with the saved encrypted password.

Gianluca ghettini · Answer 3 · 2013-05-10T15:44:33+0000

You do not need a decrypt password. To check if the user has provided the correct password, simply enter the RE-ENCRYPT password specified by the user and check if it matches the one stored in your database.

Moreover, a simple hash function will suffice (avoid MD5 and use salt to prevent dictionary attacks or rainbow tables!)

MySQL ENCRYPT password, but how DECRYPT?

More articles: