Decrypt a admin password (with salt)

rubyonrails-talk
1

Hello,

I want decrypt a password which is encrypted by MD5. there are 4 functions which i am using :

# Encrypts some data with the salt.   def self.encrypt(password, salt)     Digest::SHA1.hexdigest("--#{salt}--#{password}--")   end

  # Encrypts the password with the user salt   def encrypt(password)     self.class.encrypt(password, salt)   end

  def authenticated?(password)     crypted_password = encrypt(password)   end

   def encrypt_password       self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--# {login}--") if new_record?       self.crypted_password = encrypt(password)    end

please do tell me...

2

MD5 is a hash algorithm, which means it’s a one-way encryption. You have no way of decrypting the hash to the original password. And since you are using a salt, even the rainbow tables hackers use will be pretty useless.

If your app isn’t in production yet, you could consider a decryptable algorithm, like the ones you can find in Sentry: http://sentry.rubyforge.org/

Best regards

Peter De Berdt

3

> I want decrypt a password which is encrypted by MD5.

MD5 is a hash algorithm, which means it's a one-way encryption. You
have no way of decrypting the hash to the original password. And since
you are using a salt, even the rainbow tables hackers use will be
pretty useless.

And at least according to the snippet posted, it's not MD5 it's SHA1 (which is harder to brute force)

Fred

4

Indeed, missed out on that, but the conclusion is still the same, digesting is one way, so you can’t decrypt the password in a convenient way. It’s easier just to implement a password reset routine.

Best regards

Peter De Berdt

5

md5(md5(md5(Password-With-Salt)))=2787551f694768be48c6944a3a1e6b6d