Geek Answers Handbook

PHP md5 explained

I am working on this PHP project and I have many places that use md5. I even used it many times, but today I donโ€™t understand what the function does. I understand that it decrypts the passed value, but how to cancel it in order to return it to the original. Maybe I do not quite understand the whole process, and if someone has information about the process, I would really appreciate it.

+6
php md5
source share
7 answers

md5 is a hash function

It works in only one way.

A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable size data into a small database. The values โ€‹โ€‹returned by the hash function are called hash values, hash codes, hash amounts, checksums, or simply hashes.

+7
source share

MD5 is a one-way encryption hash .

It does not decrypt anything; rather, it creates a hash code that can be used to compare with other MD5 hashes. It used to be that if the two hashes match, you can be sure that the two inputs were the same. Eventually, several collisions were found, followed by methods for intentionally creating collisions (lowering the MD5 value for security purposes). This is a fairly fast algorithm, so it can be used (checking for corruption when transferring large amounts of data and other places where you can provide other forms of protection against a true attack).

+4
source share

MD5 is not encryption as such, but a checksum generation algorithm. Regardless of the data you transmit, you will get a hexadecimal (only 0-9 and AF) string of fixed length. The idea is that it is very unlikely that any data other than the data you transferred will lead to the same MD5 chain. Since the result is a fixed length, and your data can be of any length, obviously there will be other data that leads to the same MD5 line, but once again it is very unlikely that you will find it.

Thus, there is no way to actually "decrypt" the MD5 string. What you do, you generate it from some data, then generate it from some other data and compare two lines of MD5. If they are the same, you can be absolutely sure (although not 100%) that these two inputs are identical.

+2
source share

MD5 does not decrypt anything. It is considered a one-way hashing algorithm. For this input, a fixed-length string is returned. In addition, for two given inputs, which are quite similar but not identical, the return value of md5 will not be predictable.

Hashing is useful for many things, for example, for checking files. Although without a topic, if you took the file and calculated the hash for it, and then sent the file to someone along with the hash, they could easily verify that they received the file correctly by hashing it themselves, and then claiming that their hash matches the provided hash .

Another example would be site authentication. After user authentication, you start a session, and in this session you store md5 (username + time), and also save cookies in the md5 users browser (username + time), and then on subsequent page requests you can verify that the hash of the session matches the hash cookie to claim that the user is who they say. Md5 is not a good hash for this type of thing, but hashing in general can help in such situations. sha1 will be the best hash function for this application or even sha512.

+1
source share

MD5 is a cryptographic hash function. Cryptographic hash functions have a special property that they generate a result based on input, but it is almost impossible to restore the original input. This is a kind of "one-way encryption." In addition, when transmitting the same data using a cryptographic hash function, you should always get the same result.

While they are not preferred for encryption, as they are one-way, they are very useful when storing passwords. This is because, as I said, the same input will always have the same result. This makes it unnecessary to save the password in plain text or even a recoverable version (for example, encrypted passwords). Instead, you simply generate a hash from the password and store it in the database. Whenever someone tries to log in, you get a hash from the database, and then generate a new hash from the password you entered and compare two.

Note that MD5 is not very secure, you should try using another more secure hash function, like SHA512:

<?php $hash = hash('sha512', $data); ?>

Useful links:

+1
source share

See http://en.wikipedia.org/wiki/Hash_function .

The strength of a hash function depends on its difficulty in the opposite direction.

0
source share

It generates a one-way input hash using the md5 algorithm

Some links:

http://en.wikipedia.org/wiki/MD5

http://en.wikipedia.org/wiki/Cryptographic_hash_function

0
source share

More articles:


All Articles