-4

I have encrypted username and password in php using crypt function. How can I decrypt that username and password?

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); 
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); 
$key = "This is a very secret key"; 
$text = "Welcome to the system."; 
echo strlen($text) . "\n";

This doesn't print anything. What am I doing wrong?

Shankar Narayana Damodaran
  • 68,075
  • 43
  • 96
  • 126
ads
  • 17
  • 3
  • hello and welcome to stackoverflow. If you want help, we need to see some code :) Why not paste your code and let us examine it? – Herr Dec 01 '11 at 18:35
  • 3
    This question seems a bit dodgy to me - sounds like you're trying to obtain someone else's credentials without their permission. – xil3 Dec 01 '11 at 18:37
  • 1
    Could be perfectly legit too. First time I started storing encrypted passwords in a database I didn't understand how to check if the user inputed the correct one at login :P. I've learned quite a bit since then... – sirmdawg Dec 01 '11 at 18:40
  • xil3 it must not be something malicious. Why not wait and see what it will be – Herr Dec 01 '11 at 18:45
  • FYI-I am working on building authentication system in PHP. I am not trying to acquire anyones login credentials. I was playing with many functions like base_64,md5,crypt etc. Just wanted to know which one is most secure and i found crypt to be most helpful but could not decrypt it. – ads Dec 01 '11 at 19:05
  • @ads I see that you're using the first example from [the `mcrypt_encrypt()` man page](http://us3.php.net/mcrypt_encrypt). First, check to make sure you have the mcrypt extension enabled. If you do, the code you shared should only print a number. See the rest of that example to generate the encrypted string into `$crypttext`. – Wiseguy Dec 01 '11 at 19:15

4 Answers4

7

You can't. The crypt() function is a one-way hashing function.

If you're using a different function that does perform encryption (such as mcrypt_encrypt()), please share which.

Wiseguy
  • 20,522
  • 8
  • 65
  • 81
  • $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $key = "This is a very secret key"; $text = "Welcome to the system."; echo strlen($text) . "\n";This doesn't print anything. What am i doing wrong? – ads Dec 01 '11 at 19:06
  • Ah, thank you. This is useful information that belongs with the question, so please edit your original question to add it. – Wiseguy Dec 01 '11 at 19:10
  • What is the error in my code? – ads Dec 01 '11 at 19:46
  • @ads See my comment to the question above. – Wiseguy Dec 01 '11 at 19:50
  • I am not storing encrypted password in DB. I have to pass the encrypted username from main authentication system to a sub portal and allow the user access to that portal. SO i plan to descrypt the username in sub portal. I cannot use mcrypt_encrypt as the code i posted is not working. – ads Dec 01 '11 at 22:15
  • @ads We're trying to figure out _why_ it is not working. Did you check that the mcrypt extension is enabled in PHP? – Wiseguy Dec 01 '11 at 22:20
  • i did not find the mycrypt.so extension in my php.ini file. Can i add it? – ads Dec 01 '11 at 22:30
  • @ads Perhaps, but mcrypt might be compiled into the PHP binary itself. Check if it's enabled with `phpinfo()`. If it isn't, then figure out how to enable it. – Wiseguy Dec 01 '11 at 22:34
5

From the PHP documentation for crypt():

Note: There is no decrypt function, since crypt() uses a one-way algorithm.

Wiseguy
  • 20,522
  • 8
  • 65
  • 81
3

crypt() is a one-way encryption on PHP. You can't decrypt it back.

If you want to use encryption-decryption functions, check this PHP manual

Shankar Narayana Damodaran
  • 68,075
  • 43
  • 96
  • 126
1

You don't.
You would verify a users credentials against the hash version you have stored. http://simple.wikipedia.org/wiki/Cryptographic_hash_function

So if a user signs up you hash their password so no one, not even you knows what it is. This is a security measure. When a user tries to log in to your site, you take their password call crypt() on it again and verify that entry in your storage.

dm03514
  • 54,664
  • 18
  • 108
  • 145