开发者

how to decrypt the crypt("name")

how开发者_如何学JAVA to decrypt the crypt("name")


You can't. From the documentation:

Note: There is no decrypt function, since crypt() uses a one-way algorithm.

Reading documentation helps ;)


crypt is one way hashing, you can't decrypt it.

If you want to compare it against another string you could crypt that too and then compare the two crypted strings.


crypt — One-way string hashing


use two way hashing

try with mcrypt

tutorial


Since crypt() produces a hash decrypting is not possible. If you need to guess the original data ("name") you can use a combination of a brute force algorithm and a huge dictionary.


I have find an example for mcrypt and create the two functions, for text or for binary files:

function MyDecrypt($input,$key){    
        /* Open module, and create IV */
        $td = mcrypt_module_open('des', '', 'ecb', '');
        $key = substr($key, 0, mcrypt_enc_get_key_size($td));
        $iv_size = mcrypt_enc_get_iv_size($td);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        /* Initialize encryption handle */
        if (mcrypt_generic_init($td, $key, $iv) != -1) {
            /* 2 Reinitialize buffers for decryption */
            mcrypt_generic_init($td, $key, $iv);
            $p_t = mdecrypt_generic($td, $input);
                return $p_t;
            /* 3 Clean up */
            mcrypt_generic_deinit($td);
            mcrypt_module_close($td);
        }
} // end function Decrypt()


function MyCrypt($input, $key){
    /* Open module, and create IV */ 
    $td = mcrypt_module_open('des', '', 'ecb', '');
    $key = substr($key, 0, mcrypt_enc_get_key_size($td));
    $iv_size = mcrypt_enc_get_iv_size($td);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    /* Initialize encryption handle */
    if (mcrypt_generic_init($td, $key, $iv) != -1) {
        /* 1 Encrypt data */
        $c_t = mcrypt_generic($td, $input);
        mcrypt_generic_deinit($td);
            return $c_t;
        /* 3 Clean up */
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
    }
}

For Example Crypt a string :

    $original_text = "Hello world !";
    $password = "abc123";
echo '<p>Original_text: '.$original_text.'</p>';
    $crypted_text = MyCrypt($original_text,$password);
echo '<p>Crypted_text: '.$crypted_text.'</p>';
    $decrypted_text= MyDecrypt($crypted_text,$password);
echo '<p>Decrypted_text: '.$decrypted_text.'</p>';

echo '<p>And if I try with a wrong password?</p>';
    $wrong_decrypted_text= MyDecrypt($crypted_text,"wrong_pw");
echo '<p>Decrypted with wrong password: '.$wrong_decrypted_text.'</p>';

I hope helpful


You can't truly decrypt it, because there are (infinitely) many strings such that crypt($input) == crypt("name") -- but you can, via brute-force trial-and-error, find some of those strings.

If you know or suspect that the original string is a short dictionary word, and you find a short dictionary word that produces the same output, chances are you have "decrypted" the original string.

md5 and many weaker hash functions are attacked in this way routinely.


<?php

$hashed_password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
   echo "Password verified!";
}

?>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜