2 
public static String encryptPassword( String password ) {
    String encrypted = "";
    try {
        MessageDigest digest = MessageDigest.getInstance( "MD5" ); 
        byte[] passwordBytes = password.getBytes( ); 

        digest.reset( );
        digest.update( passwordBytes );
        byte[] message = digest.digest( );

        StringBuffer hexString = new StringBuffer();
        for ( int i=0; i < message.length; i++) 
        {
            hexString.append( Integer.toHexString(
                0xFF & message[ i ] ) );
        }
        encrypted = hexString.toString();
    }
    catch( Exception e ) { }
    return encrypted; 
}

I am using Java. I used this method for hashing the password and it correctly worked while storing into the database. Now I have difficulty with decryption. Are there any methods more effective than this one?

Improve this question
1
  • 1
    MD5 is a hash function, i.e. a one-way function. It is not possible to "decrypt" an MD5 code. Commented Jul 9, 2011 at 16:01

2 Answers 2

Reset to default
12

You can't decrypt it. MD5 is a hash - it's one way, unlike a two-way encryption algorithm.

You generally shouldn't be trying to decrypt passwords though - you store the hash (salted, ideally) and then compare the "known good" hash with the hash of the password given to you by the user later.

(I would avoid MD5 these days personally, but that's another story.)

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

That's brilliant. The "compare to the hash, not the password" statement.
@jon skeet.. then please any other way that i could refer. so that i could save my password encrypted form and reuse back it.
@Dinup: You shouldn't do that - storing passwords in a decryptable fashion is a really bad idea.
@jon Skeet.....if i didn't decrypt my password Then will it be safe for my application? it is easily viewable in normal form in database. please let me now how i can make password look other then the normal password
@Dinup: What do you mean by "it is easily viewable in normal form in database"? Do you mean you're storing the password in plain-text in the database? Stop doing that!
|
5

MD5 is a hash function, i.e. a one-way function. It is not possible to "decrypt" an MD5 code.

While not useful for encryption applications, hash codes are typically used for the following applications:

  • password storage:
    When user initially registers, the password he provides is submited to the hash function and the resulting code is kept on file. When he/she tries to login, the credential he passes then are submited to the same hash function, and the code so produced is compared to the hash code kept on file. The interesting benefit of this approach is that even if someone has access to the list of hash codes corresponding to users' password, he/she is not able to know what the passwords are, because if the irreversibility of the hash function.
  • detecting changes in data records
    The MD5 code provides a short code which can summarize the content of a whole record (with a relatively low probability but not impossibility that a different record content could have the same MD5 value); this code can then be use to detect if the record was modified without requiring access to the original record. This is used for fraud detection and also for quickly computing differential update sets for datasets which are updated on batch basis.
  • Providing keys for database indexing
    Again because of the relatively short size of the MD5 compared to the original data, MD5 or other other hash codes provide a way of building relatively compact indexes for data which may be quite long.

If you must... [store passwords so they can be retrieved at a later time] and BTW, there are many use cases where doing so is necessary (for example to be supplied to 3rd party site to login on-behalf of your application's various users etc.)...
...you should use a encryption algorithm such as Blowfish, DES, AES and the like (I'm only mentioning symmetric key encryption here, for while public key encryption may be used as well, it doesn't appear this is what is needed here).

Be sure to read-up about encryption and cryptography at large, for it is relatively easy to implement encryption-decryption applications which are not very secure :-( Also remember that the algorithm is only one of the elements (typically the "easier" one) of the whole chain.

Improve this answer

1 Comment

so please help for securing my password and reusing it back. thanks for the above description. i didnt know about it

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.