frobak frobak - 2 years ago 73
PHP Question

Is it possible to find out the character length of a MD5'd password?

I have a hashed MD5 password saved in a MySQL database. Is there anyway to find out how many characters were in the original password?

I don't think there is because from what I've read it's difficult to decrypt a hashed password anyway.

Anyway I can do this?

EDIT: Because of the serious amount of backlash!! I'm not interested in decrypting a hash, because I know thats not a great idea from what I've read.

The reason I ask is because.

I am migrating an old system including historic database to a new updated application. All users, many thousands have their password saved in the database MD5, but most with less than 8 characters, so I just wanted to know if there was a way to know if their original password was over 8 characters, then I can bcrypt it or force users to change their password.

But I'll have to force all users to change their passwords by the looks of it

Answer Source

From OP's comment:

i was just purely asking to save forcing all users to ti change their passwords if their password was below a certain character limit – frobak

The answer to this then is to use strlen():

As for MD5, don't use it it's totally unsafe. A lot of water has gone under the bridge in over 30 years.

Use password_hash():

As for decrypting a hash; it can't be done/reversed; that's why it's called a hash and not encrypted.

There are what's called "Rainbow tables":

But I'll have to force all users to change their passwords by the looks of it

Consult the following: Converting md5 password hashes to PHP 5.5 password_hash()

That way you can "hit two posts with one stone".

However, MD5 is 32-length. You will need to increase that to 60+ in order to have the proper length when using password_hash() and as Jay Blanchard stated in his comment, otherwise that may fail "silently" later on when using password_verify().

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download