How to decrypt hashed password using php?

Question

I'm currently using MD5 and SHA1 to save my users' passwords in a database but I don't know how to get them back in plain text. I tried to roll back same code I used to encrypt passwords but it gives me an error.

Code I'm using to encrypt passwords:

   $hashedpassword = md5(md5(sha1(sha1(md5($normalpassword)))));

I tried to do the same thing back like this

   $normalpassword = md5(md5(sha1(sha1(md5($hashedpassword)))));

Then I realized it's something funny :( !! Please help me...

Answer 1

Hashing ain't encrypting.

A hash function like MD5 and SHA1 can't be reversed, it only can be verifyed. That is usually the point for using a hash function, because the attacker cannot retrieve the clear passwords with the hashes (other attacks, like using rainbow-tables are ofc possible).

More details can be found here: http://en.wikipedia.org/wiki/Cryptographic_hash_function

If you want to store hashed passwords in databases, take a look at PHPass. It is a good class for php to hash and verify passwords as good as currently possible and is widely used in modern php based web applications.

Answer 2

Why are you even encrypting them if you eventually want them back? Hashing is used precisely for the reason of being UNABLE to get passwords back in plaintext.

Use a symmetric cypher if you want them back.

Answer 3

You can't. Hashing is one way, you'll have to generate a new hash of the input at the login form and check if it is equal to the stored hash.

Answer 4

MD5 and SHA-1 are one-way hash functions, meaning you can't get back an original string from a hash value.