Decrypt an admin password (with salt)

Hello,

I want to decrypt a password which is encrypted by MD5.
There are 4 functions which I am using:

  require 'digest/sha1'

  # Encrypts some data with the salt.
  def self.encrypt(password, salt)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Encrypts the password with the user salt
  def encrypt(password)
    self.class.encrypt(password, salt)
  end

  # True when the candidate password hashes to the stored digest
  def authenticated?(password)
    crypted_password == encrypt(password)
  end

  # Generates the salt for a new record, then stores the password digest
  def encrypt_password
    self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
    self.crypted_password = encrypt(password)
  end

Please do tell me...

MD5 is a hash algorithm, which means it’s a one-way encryption. You have no way of decrypting the hash to the original password. And since you are using a salt, even the rainbow tables hackers use will be pretty useless.

If your app isn’t in production yet, you could consider a decryptable algorithm, like the ones you can find in Sentry: http://sentry.rubyforge.org/

Best regards

Peter De Berdt

> I want to decrypt a password which is encrypted by MD5.

> MD5 is a hash algorithm, which means it's a one-way encryption. You
> have no way of decrypting the hash to the original password. And since
> you are using a salt, even the rainbow tables hackers use will be
> pretty useless.

And at least according to the snippet posted, it's not MD5, it's SHA1
(which is harder to brute force).

Fred

Indeed, missed out on that, but the conclusion is still the same, digesting is one way, so you can’t decrypt the password in a convenient way. It’s easier just to implement a password reset routine.

Best regards

Peter De Berdt
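The password reset routine suggested above, sketched as an added example that is not part of any post in this thread: login recomputes the salted digest in the thread's `"--salt--password--"` format, and a lost password is replaced through a one-time token instead of being recovered. The `User` struct, `secure_compare`, `start_reset` and `finish_reset` are hypothetical names, and the random salt and token are assumptions of this sketch.

```ruby
require 'digest'
require 'securerandom'

# Same digest format as the snippet posted in this thread.
def encrypt(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Constant-time comparison so a mismatch position is not leaked by timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical in-memory record standing in for the ActiveRecord model.
User = Struct.new(:login, :salt, :crypted_password, :reset_digest, :reset_expires_at) do
  # Assumption: random salt instead of the thread's Time.now/login salt.
  def password=(plain)
    self.salt = SecureRandom.hex(20)
    self.crypted_password = encrypt(plain, salt)
  end

  # Login check: hash the candidate again and compare; nothing is decrypted.
  def authenticated?(plain)
    secure_compare(crypted_password, encrypt(plain, salt))
  end

  # Reset step 1: issue a random one-time token and store only its digest.
  def start_reset(now = Time.now, ttl = 3600)
    token = SecureRandom.hex(32)
    self.reset_digest = Digest::SHA256.hexdigest(token)
    self.reset_expires_at = now + ttl
    token # sent to the account owner out of band, e.g. by e-mail
  end

  # Reset step 2: set a new password only for a valid, unexpired token.
  def finish_reset(token, new_password, now = Time.now)
    return false if reset_digest.nil? || now > reset_expires_at
    return false unless secure_compare(reset_digest, Digest::SHA256.hexdigest(token.to_s))
    self.password = new_password
    self.reset_digest = self.reset_expires_at = nil # token is single use
    true
  end
end
```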

md5(md5(md5(Password-With-Salt)))=2787551f694768be48c6944a3a1e6b6d