how to decrypt the crypt("name")_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-02-23 23:08 出处：网络

how开发者_如何学JAVA to decrypt the crypt(\"name\")You can\'t. From the documentation: Note: There is no decrypt function, since crypt() uses a one-way algorithm.

相关专题：php

how开发者_如何学JAVA to decrypt the crypt("name")

You can't. From the documentation:

Note: There is no decrypt function, since crypt() uses a one-way algorithm.

Reading documentation helps ;)

crypt is one way hashing, you can't decrypt it.

If you want to compare it against another string you could crypt that too and then compare the two crypted strings.

crypt — One-way string hashing

use two way hashing

try with mcrypt

tutorial

Since crypt() produces a hash decrypting is not possible. If you need to guess the original data ("name") you can use a combination of a brute force algorithm and a huge dictionary.

I have find an example for mcrypt and create the two functions, for text or for binary files:

function MyDecrypt($input,$key){    
        /* Open module, and create IV */
        $td = mcrypt_module_open('des', '', 'ecb', '');
        $key = substr($key, 0, mcrypt_enc_get_key_size($td));
        $iv_size = mcrypt_enc_get_iv_size($td);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        /* Initialize encryption handle */
        if (mcrypt_generic_init($td, $key, $iv) != -1) {
            /* 2 Reinitialize buffers for decryption */
            mcrypt_generic_init($td, $key, $iv);
            $p_t = mdecrypt_generic($td, $input);
                return $p_t;
            /* 3 Clean up */
            mcrypt_generic_deinit($td);
            mcrypt_module_close($td);
        }
} // end function Decrypt()


function MyCrypt($input, $key){
    /* Open module, and create IV */ 
    $td = mcrypt_module_open('des', '', 'ecb', '');
    $key = substr($key, 0, mcrypt_enc_get_key_size($td));
    $iv_size = mcrypt_enc_get_iv_size($td);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    /* Initialize encryption handle */
    if (mcrypt_generic_init($td, $key, $iv) != -1) {
        /* 1 Encrypt data */
        $c_t = mcrypt_generic($td, $input);
        mcrypt_generic_deinit($td);
            return $c_t;
        /* 3 Clean up */
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
    }
}

For Example Crypt a string :

    $original_text = "Hello world !";
    $password = "abc123";
echo '<p>Original_text: '.$original_text.'</p>';
    $crypted_text = MyCrypt($original_text,$password);
echo '<p>Crypted_text: '.$crypted_text.'</p>';
    $decrypted_text= MyDecrypt($crypted_text,$password);
echo '<p>Decrypted_text: '.$decrypted_text.'</p>';

echo '<p>And if I try with a wrong password?</p>';
    $wrong_decrypted_text= MyDecrypt($crypted_text,"wrong_pw");
echo '<p>Decrypted with wrong password: '.$wrong_decrypted_text.'</p>';

I hope helpful

You can't truly decrypt it, because there are (infinitely) many strings such that crypt($input) == crypt("name") -- but you can, via brute-force trial-and-error, find some of those strings.

If you know or suspect that the original string is a short dictionary word, and you find a short dictionary word that produces the same output, chances are you have "decrypted" the original string.

md5 and many weaker hash functions are attacked in this way routinely.

<?php

$hashed_password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
   echo "Password verified!";
}

?>