MD5 is actually not used for this as much. Then when you type in 'password', I see in the db I need to add 1b24, and I'd get the match. When I store the password, maybe I store 1b24|c4f8469e00c67d70dfbaa91cdf948fa8. I add that to the md5 data, which gets me c4f8469e00c67d70dfbaa91cdf948fa8. So, say for me, my salt is chosen to be, oh Idunno, '1b24'. So one technique is to add something called 'salt', a bit of uniqueness to your password.
#Md5 decode password
If I see 286755fad04869ca523320acce0dc6a4 in the db, I know your password is 'password'.
This is safer, but remember, the same password will always hash to the same md5. You've got the hash, but in theory you can't get the password. Then, even if you get the hash, you can't go backwards to get the password. On login, I get md5sum of the password you typed, and the md5sum in the db, see if they match. If I can break into your DB, I get the passwords. Why MD5? You don't want to store the actual password. You can't get the password back from the hash, that information is thrown away. But, it's hard to predict what an md5sum will be for any given string. The md5sum will always be the same for any string.
You take as many bits as you can, and out the end is 128 bits. MD5 can be thought of a fingerprint generator. Short answer: MD5 is a way of knowing enough about a password to compare it - a unique fingerprint - without actually keeping the password around.
0 kommentar(er)
