I am storing the passwords of my college website on our own server. I am storing the passwords using the MD5 encryptor. But the doubt I have is that since the decrypter is there, I can also decrypt the passwords and use them. So how are these passwords secured with me?
-
3You can't decrypt MD5, it's a one-way hash function. You can only guess the input, hash it, and compare against the target hash. – CodesInChaos Dec 03 '13 at 12:41
-
5Still, MD5 (and SHA-2 as well) are a bad choice for password hashing since they're fast. See [How to securely hash passwords?](http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords) – CodesInChaos Dec 03 '13 at 12:41
-
A good way to explain the difference between encryption and hashing, not mine, taken from a youtube vblogger: If you think of encryption as drawing a picture of something, hashing is a bit like drawing around it. – Owen Dec 03 '13 at 13:51
-
3A better analogy: **Encryption** is like locking a cow in a big box with a keyed lock; whenever you want, you can unlock the box and take a look at the cow. **Hashing** is like turning the cow into sausage; you cannot turn the sausage back into a cow. – Adi Dec 03 '13 at 14:12
-
Heh, like it. That's one big sausage. – Owen Dec 03 '13 at 14:39
-
@Adnan: That's great, I like it... – Baradwaj Aryasomayajula Dec 04 '13 at 05:22
1 Answer
MD5 is not an encryption algorithm. It is a hash algorithm. Hash algorithms are one-way. There is no decryptor.
Hashes are used to generate a fingerprint of a text string. Reverse-engineering the input from the hash should be impossible. When the hash function is cryptographically secure, there should be no way which is more efficient than trying out all possible inputs until you find one which coincidentally has the same hash.
How do you apply this in a password system?
When the user tells you their password during registration, you don't save it. You generate the hash of the password, save the hash in the database, and forget that you ever saw the cleartext password. When a user then tries to login, they give you a password. You generate the hash of that password, and when it matches the hash in your database, you let them in.
But please note that MD5 is no longer a good choice for password encryption.
- MD5 is a fast algorithm. At first glance this seems like an advantage because it makes authentication faster. But it also makes it much easier for anyone with access to the hash to try out passwords until they find one which matches.
- The security of MD5 is disputed. Many flaws were discovered in the algorithm which make it possible to reverse-engineer the input of an MD5 hash in some scenarios.
For these reasons, you should use another algorithm when possible. A good choice for password encryption is bcrypt, because it was designed especially for this purpose. When an implementation is not readily available for your development framework, SHA-2 can be considered an alternative where implementations are easier to come by. It's not considerably slower than MD5, which makes it easier to crack given enough computing power, but it has no known critical vulnerabilities like MD5. For low-security systems it's still adequate.
-
The attacks on MD5 are collision attacks, not first pre-image attacks. They don't apply to password hashing. In particular you can't compute the input given the output faster than guessing the input. So SHA-2 offers little advantage over MD5 here. – CodesInChaos Dec 03 '13 at 23:32
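The register/login flow from the answer, written out as an added example (this is not code from the question, the answer, or the comments). It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of bcrypt, because it needs no third-party package; the storage string format `pbkdf2_sha256$<iterations>$<salt>$<hash>`, the in-memory user table, the wordlist and the iteration count are all assumptions of this example. The last two functions show the point CodesInChaos makes in the comments: nobody "decrypts" an unsalted MD5 hash, an attacker simply hashes guesses until one matches, and a fast hash makes that cheap.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Assumed work factor for this example; OWASP recommends several hundred
# thousand iterations for PBKDF2-HMAC-SHA256 on current hardware.
ITERATIONS = 600_000

# Constructed in-memory "users table": username -> stored hash string.
USERS: Dict[str, str] = {}


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Registration step: derive a salted, slow hash and return a storable
    string. The cleartext password is never stored."""
    salt = os.urandom(16)  # per-user random salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Login step: re-run the same derivation on the candidate password and
    compare the result against what the database holds."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown password hash format")
    dk = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(dk.hex(), hash_hex)


def register(username: str, password: str, iterations: int = ITERATIONS) -> None:
    USERS[username] = hash_password(password, iterations)


def login(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        return False
    return verify_password(stored, password)


def md5_hex(password: str) -> str:
    """What the question describes: a bare, unsalted MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def guess_md5(target_hex: str, wordlist: Iterable[str]) -> Optional[str]:
    """The only 'decryption' that exists: hash each guess and compare.
    MD5's speed is exactly what makes this practical at scale."""
    for word in wordlist:
        if md5_hex(word) == target_hex:
            return word
    return None


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("login ok:", login("alice", "correct horse battery staple"))
    print("login wrong:", login("alice", "Tr0ub4dor&3"))

    # Constructed wordlist standing in for a real cracking dictionary.
    wordlist = ["123456", "qwerty", "password", "letmein"]
    leaked = md5_hex("password")
    print("MD5 of leaked entry:", leaked)
    print("recovered by guessing:", guess_md5(leaked, wordlist))
```

Two stored hashes of the same password differ because of the random salt, yet both verify, which is what lets you rotate the work factor later by re-hashing at login. If bcrypt is available in your framework, swap `hash_password`/`verify_password` for its equivalents; the register/login structure stays the same.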