Ex- WordPress, Magento, Opencart etc.
Every small developer like me start their work with MD5 encryption, because our teachers, colleges and some other direct or indirect people who instruct during learning recommend to use MD5 because it's impossible to crack.
If 'Yes' then 'Ok', If 'Not' then 'Ok'... Actually it's not impossible but almost impossible.
Why MD5 Encryption Almost Impossible To Crack but not Impossible ?
Sometime readers ask me a common question "Why you are creating confusion ?". Actually every Blogger having their own way to write article try to make their words more friendly, and I'm realize my current learning stage so try to make article simple as I can.
First we should know what is MD5 Encryption: MD5 implies a 128-bit encryption calculation, producing a 32-character hexadecimal hash, whatever the captcha. This calculation is not reversible, ie it is typically difficult to locate the original word from the MD5 hash.
I will answer 2nd question after cracking a WordPress MD5 Password
I just install a WordPress on my localhost after that I goto PhpMyAdmin and lookup WordPress database, after that reveal users data from wp_users table, and set password for admin account which I forgot.
I think you know well this steps, when we forget WordPress admin password it can be reset from PhpMyAdmin
(For This Article Click Here !).
Step 1- Set new password for WordPress admin account. (Choose MD5 encryption because WordPress store password in MD5 Hash only)
Step 2- Copy MD5 encrypted value and goto http://www.md5online.org/
Step 3- Enter MD5 key and captcha and hit Decrypt.
Step 4- You will get real code with hash, it's cracked !
Now what you will do to secure your MD5 password and avoid simple cracking or hacking, let's read down.
How to bullet secure MD5 Encryption:
As above procedure I repeat process but now I done a small changes, I tried to confirm security level of MD5.
I again reset password but now game is change, password is no easy as above. I add Capital letter, number & special characters.
After that again goto md5online.org and fill all details as required and hit to Decrypt.
Now sound like charm !, trust stability remains constant with MD5, means low secured password can easily Decrypt.
Reality behind MD5 Decryption, Alternative and Fact:
The best decision is to NOT utilize passwords alone any longer by any stretch of the imagination. Choose if login is truly required for your site, and on the off chance that it is, attempt to utilize a third gathering supplier first. On the off chance that that is impossible consider a secret key + token from RSA. Just utilize a secret key alone in the event that you have no other suitable choices.
At the point when hashing a secret word the key is to hash(password + salt) and the salt should be unique per client, and also difficult to guess. Utilizing the Username meets the first criteria and is superior to anything no salt or the same salt for every client. Furthermore, you would be shrewd to let the inquiry itself do the hashing. Moderate? Yes, and that is ALSO something to be thankful for.