I have passwords for members on a site encrypted using MD5 and stored in the database. I want to implement a lost password f开发者_如何学运维unctionality where the user will be emailed their credentials if they forget them. But how to output the unencrypted password or is it one way encryption and hence impossible?

MD5 isn't encryption - it's a one-way hash. You can't reverse a one-way hash (theoretically you can find a plaintext that has an equivalent hash which is generally as good, but you can't in any reasonable amount of time), so you just need to set a new password and email it to them as a temporary, and/or just provide them a link to reset their password.

The point of using a one-way hash is to prevent exactly what you are trying to do. If you can read the plaintext password, then anyone who gets a hold of your database can too. Hint: what do you do with old backup media? Throw them in the trash? Criminals have been known to dumpster-dive for backups.

Instead of sending the user's password back to them, set up a system so they can reset their password. Read up on some articles about this before implementing it.

[Entire answer replaced thanks to prompting from CodesInChaos; the previous answer is in history.]

You should not use MD5 to store your passwords. See the LinkedIn password breach if you need any more compelling reason to move away from MD5.

To prevent a password database breach from being the headline news that it was for LinkedIn, you need to use a significantly better hashing function. DES-based crypt(3) might have been good enough in the late 70s, but modern bruteforce searching tools can easily test millions of candidate passwords per second.

By contrast, that same tool is able to bruteforce just thousands of bcrypt hashes per second. (Sadly they do not publish scrypt timings.) Your MD5 is millions of times worse than either of these ready replacements.

For a larger look at password safety, I recommend reading the Password security: past, present, future slides.

No

You can't recover the original password from the MD5 hash. It's a one way hash function.

Also

You shouldn't be providing them with the plain text password. What you should do instead is either allow them to change the password, or generate a random one for them to use and then force them to change it.

1. You shouldn't use MD5. Use sha1 and use also a salt, there is a lot of information on the internet.

2. The purpose of hashing the password is exactly that. It is used because the original password can't be gotten (theorically) so the password would be saved securily and it can be used to check if the password is correct easily.

3. Allmost all websites chose to generate a new password and send it by email as the forget password mechanism.

While it has been pointed ou that md5 is a hashing function, a function that takes a password and returns a string eg. f(password) == hash.

It IS possible to calculate a password that when put through this function that gives the same hash e.g f(password) == hash == f(password")

This is normally done by precaculating all of the possible passwords and storing the hashes of these in a rainbow table (See Wikipedia entry). It is possible to download such rainbow tables but they are HUGE!

You may not recover the same password that the user originally used due to collisions in the hashing function.

md5 is a one-way encryption/hashing function. Once hashed, a string can only be compared to it's hashed version and not decrypted.