I have data in mySQL database table as "2888f3f0-286a-11db-954d-b1740a14150f".
I am not sure how to decrypt it or get the actual text for this value.
First of all, check the algorithm/function through which it got encrypted and ultimately you will be able to decrypt the code IF decryption function is available
otherwise, you can't get the text from this text
I need to encrypt some specific columns in mysql database. I researched and found few ways like AES_ENCRYPT functions, but these solutions requires sending the key value in the query.
I am looking for a solution where password can be stored in database some location and mysql can automatically use that value to encyrpt or decrypt that particular column?
Thank you.
I am having trouble to transfer email user account which is saved in MySQL to another server. Here is the detail:
I have an old email server which using MySQL to store user account information. The password field uses MySQL ENCRYPT function to save the users password. So if I want change the user's password I can do:
UPDATE `mail`.`users` SET `password` = ENCRYPT( '12345' ) WHERE CONVERT( `users`.`email` USING utf8 ) = 'g#veecall.com' LIMIT 1 ;
Then the new password "12345" saved in the table as string of " 2I6JOeg.JukJ."
Now I build a new server using iRedMail. When I try to transfer user account I have trouble to transfer the password field. Because the iRadMail/dovecot is using MD5-CRAM to encrypt the password then save it in the MySQL. All the password string is started with "$1$".
So, is there a way to make the MySQL encrypted password string "2I6JOeg.JukJ." convert to MD5 hash "$1$................."?
Thanks for help.
Firstly MD5 is a hashing algorithm not a encryption algorithm. The main reason for this is that it is virtually impossible to calculate the original password from the hash value generated by MD5. MD5 creates a hash value and it basically a trap door function in other words it is a one way function.
Encryption will allow you to encrypt and decrypt IF you knew the key. Big difference. Hope you understand that.
Now for your problem.
Unless you have the original password before it was encrypted there is no reasonable way besides brute force to create the MD5 equivalent of the password. The encrypted passwords hash and the unecrypted/plain text password hash will be two different think.
If you can decrypt all the passwords you currently have to their plain text form you can perform the MD5 hashing on the plain text values. If you cannot get the original plain text then you are out of luck.
I have a mySQL database and I am using phpMyAdmin to access it. The database has table employees with fields like name, address, email and password.
Initially the password field was just VARCHAR (20). But now I want to hash my password with SHA-256 hashing technique.
I do not have much experience with databases so I want to know is -
can I hash all my current employees passwords without affecting the other fields or the entire table?
In future when I am entering data in the database (from a web application), where do I write the hashing function to hash the password? i.e. does the hashing occurs at the front end and then the hashed password is stored in the DB or the password goes to the DB where it is hashed and then stored.
Solution and Suggestions are appreciated.
Q1: Can I hash all my current employees passwords without affecting the other fields or the entire table?
A: Yes. But you need to alter the size of your column of the password by 40-42. You will use the PASSWORD( ) built-in function to encrypt your password
ALTER TABLE tableName MODIFY `password` VARCHAR(42);
after that you can now update the password column
UPDATE tablename
SET `password` = PASSWORD(`password`);
ex.)
abcde12345 => *20B30AFAF441808B50273EDA287132EC25B02DE2
Q2: In future when I am entering data in the database (from a web application), where do I write the hashing function to hash the password?
A: In your INSERT query
INSERT INTO tableName (name, address, email, password)
VALUES ('aa','bb',''cc,PASSWORD('abcde12345'))
when you want to search for the password, encrypt first the text:
SELECT *
FROM tableName
WHERE `password` = PASSWORD('abcde12345')
one more thing, don't forget to escape your Password column with backtick since it is a MySQL Reserved Word.
You can hash the password in php and then store it in the DB:
$pwd = hash('sha256',$_POST['password']);
MySQL does not support sha256 function so you need to hash by code and then store/update your password table. Otherwise you can consider this http://stuge.se/mysql-sha256/
can I hash all my current employees passwords without affecting the
other fields or the entire table?
Yes. For example, if you’re going to use the SHA-1 hashing function, you can add the corresponding column and hash all your passwords with one query:
alter table employee add column password_hash varchar(40);
update employee set password_hash = sha1(password);
It is assumed that your plain text password column is called “password”. You can drop the original column after you have the hashes, of course (and, most likely, this is exactly what you want to do next).
However, I strongly advice you to read more on hashing algorithms and pick something better. For example, you may want to use a different hashing function and/or add salt.
In future when I am entering data in the database (from a web
application), where do I write the hashing function to hash the
password? i.e. does the hashing occurs at the front end and then the
hashed password is stored in the DB or the password goes to the DB
where it is hashed and then stored.
Most commonly, the hashing occurs on the server side each time a user logs in. Then an authentication session is created and the session ID is stored in the user’s cookies (so you never store the password or it’s hash on the client side, however, you transmit it to the server when the user logs in, and this is why it is good to use SSL at least for authentication).
In some cases, you may want to even build a separate authentication backend which only accepts password hashing requests (so even if someone cracks into your system, the exact hashing schema would be still secret until they crack the hashing backend as well, which can be a lot harder if it’s built carefully enough). However, you would only need something like this in case you really care a lot about the security and it is really important. Otherwise the typical server side hashing will be enough.
I'm developing a website locally using XAMPP. There is a registration page in which I save the password, after encrypting it with MD5, to a MySQL database. The problem is that when I try to log in, I'm unable to. I discovered that the password was the problem. I checked the database and compared the MD5-ed password with the one I logged in with (I just echoed the MD5 hash of the password onto the page to compare). I found that the one in the database was shorter than the one echoed. My conclusion was that MySQL was chopping off some characters at the end of the hash. What should I do? I know it has to do with some settings on MySQL but I need help.
As at now, I have to use substr function on the hash in the registration and login processes so as to be able to log in.
If the column length is causing the problem, alter the column to accept a longer length. MD5's are always 32 hex digits, so VARCHAR(32) would be a good option.
It depends by the length of the value in the database ... check your field in the database and verify that his type is atleast something like a varchar(32)
To fix it you can use a query like that
ALTER TABLE Example
MODIFY password varchar(32)
or use the phpMyAdmin interface