密码解密(md5) [英] Decryption of password (md5)
本文介绍了密码解密(md5)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我通过{generaterandomstring}生成一个随机字符串然后
{加密}它存储在数据库中。但是如果有人忘记了密码,那么我想通过解密形式发送他的密码他/她存储的加密密码,而不是其他方式bcoz我已经通过重置和发送生成的字符串完成。
问题 - 无法解密密码!
以下是我生成和加密生成的字符串的两个函数。
使用它们的方式 - >
NewPassword = ES.Common.RenfroCommonModule.GenerateRandomString( 8 ,真)
NewUserPassword = ES.EkatmERP.UserManagement.FrmUM0012_ChangeUserPwd.GetEncryptedPassword(NewPassword)
函数 - > ;
公共 功能 GenerateRandomString(<跨班=code-keyword> ByRef len 作为 整数, ByRef upper As Boolean )正如 字符串
Dim rand 正如 新 Random()
Dim allowableChars() As Char = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLOMNOPQRSTUVWXYZ0123456789 .ToCharArray()
Dim final As 字符串 = 字符串 .Empty
对于 i As 整数 = 0 要 len - 1
final + = allowableChars(rand。 Next (allowableChars.Length - 1 ))
下一步
返回 IIf(upper,final.ToUpper(),final)
结束 功能 然后
公共 共享 功能 GetEncryptedPassword( ByVal 输入作为 字符串)作为 字符串
P. rivate Const _EncryAlgo As String = MD5
尝试
返回 System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Input,_EncryAlgo)
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(< span class =code-string> , )
Catch ex As 例外
抛出 新例外(ex.Message)
结束 尝试
En d 功能
Plz帮我解密此加密密码。
解决方案
你永远不应该解密密码。而且你永远不需要它:身份验证绝对不需要。
另外,MD5是加密哈希函数;它根本不允许解密;更确切地说,使它变得不可行。这就是这种算法的重点。
惊讶吗?继续阅读。
想一想:除了拥有密码的用户之外,是否有人需要知道密码?所有身份验证需要确保经过身份验证的用户输入的字符串与此用户在创建密码的过程中输入的字符串相同。从第一眼看,它看起来像知道密码,但实际上这不是真的。在逻辑中做什么练习?
解决这个问题的方法之一通常是加密哈希函数的计算在这两种情况下都存储哈希。如果您想说这个存储的值只是加密密码,请再想一想。最大的区别是:加密哈希根本无法解密,这是一个单向函数。因此,从哈希计算密码是不可行的(当然,它与系统权限无关:这对任何人来说都是不可行的)。这不是必需的:你只需存储哈希值并将哈希值与哈希值进行比较。
请参阅:
http://en.wikipedia.org/wiki/Cryptographic_hash_function [ ^ ]。
重要的是不要将MD5或SHA1用于安全目的:这些算法被认为是破碎的。使用SHA-2系列之一:
http://en.wikipedia.org/wiki/Md5 [ ^ ],
http://en.wikipedia.org/wiki/Sha1 [ ^ ],
http://en.wikipedia.org/wiki/Sha2 [ ^ ]。
请查看我过去对此主题的回答:
解密加密密码 [ ^ ],
我已经加密了我的密码但是当我登录时它给了我一个错误。如何解密 [ ^ ] ,
使用用户名和密码进行TCP连接 [ ^ ]。
-SA
MD5()生成哈希,而不是加密串。因此,原则上你不能解密它。但是研究表明MD5是可以破解的,但是研究起来似乎太复杂。
来自今天被认为有害的MD5
参考下面链接。
http://www.win.tue.nl/hashclash/rogue-ca/:
有许多在线网站提供解密的字符串。
以下几个在线链接。
http://md5encryption.com/ [ ^ ]
http://md5.darkbyte.ru/ [ ^ ]
http://www.stottmeister.com/blog/ 2009/04/14 / how-to-crack-md5-passwords / [ ^ ]
I am generating a random string through {generaterandomstring} and then
{encrypt} it to store in database.But if somebody will forgot password then i want send his password in decrypted form,by decrypting his/her stored encrypted password,not by other way bcoz i have already done by reset and by sending generated string.
Problem-Unable to decrypt password!
Following are my two functions to generate and encrypt generated string.
Way i m using them->
NewPassword = ES.Common.RenfroCommonModule.GenerateRandomString(8, True)
NewUserPassword = ES.EkatmERP.UserManagement.FrmUM0012_ChangeUserPwd.GetEncryptedPassword(NewPassword)
Functions->
Public Function GenerateRandomString(ByRef len As Integer, ByRef upper As Boolean) As String
Dim rand As New Random()
Dim allowableChars() As Char = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLOMNOPQRSTUVWXYZ0123456789".ToCharArray()
Dim final As String = String.Empty
For i As Integer = 0 To len - 1
final += allowableChars(rand.Next(allowableChars.Length - 1))
Next
Return IIf(upper, final.ToUpper(), final)
End Function then
Public Shared Function GetEncryptedPassword(ByVal Input As String) As String
Private Const _EncryAlgo As String = "MD5"
Try
Return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Input, _EncryAlgo)
System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile("", "")
Catch ex As Exception
Throw New Exception(ex.Message)
End Try
End Function
Plz help me decrypt this encrypted password.
解决方案
You never ever should decrypt a password. And you never need it: it is absolutely not needed for authentication.
Also, MD5 is cryptographic hash function; it does not allow "decryption" at all; more exactly, makes it infeasible. This is the whole point of such algorithms.
Surprised? Keep reading.
Think about it: does anyone (except the user who owns the password) needs to know the password, ever? All authentication needs is to make sure, that the string entered by a authenticated user is the same that this user entered in the process of password creation. From the first glance, it looks like knowing of the password, but in fact this is not true. What to do this exercise in logic?
One of the ways of solving this problem which is usually used is calculation of a cryptographic hash function in both cases and storing the hash. If you want to say that this stored value is just the encrypted password, think again. The big difference is: the cryptographic hash cannot be decrypted at all, this is a one-way function. So, it''s infeasible to calculate a password from hash (and, of course, it has nothing to do with system permissions: this is equally infeasible for anyone). And this is not needed: you just store hash and compare hash with hash.
Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].
It is important not to use MD5 or SHA1 for security purposes: these algorithms are considered broken. Use one of the SHA-2 family:
http://en.wikipedia.org/wiki/Md5[^],
http://en.wikipedia.org/wiki/Sha1[^],
http://en.wikipedia.org/wiki/Sha2[^].
Please see my past answers on this topic:
Decryption of Encrypted Password[^],
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
TCP Connection with username and password[^].
—SA
Hi,
MD5() generates a hash, not an encrypted string. Thus you can''t decrypt it in principle. But studies shown that MD5 is hackable, but it seems too complicated to study.
From "MD5 considered harmful today"
Refer the below link.
http://www.win.tue.nl/hashclash/rogue-ca/:
There are many online website available that provide the decrypted string.
Below are few online links.
http://md5encryption.com/[^]
http://md5.darkbyte.ru/[^]
http://www.stottmeister.com/blog/2009/04/14/how-to-crack-md5-passwords/[^]
这篇关于密码解密(md5)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
