PHP MD5 Hash Generator with PHP Script

PHP MD5 Hash Generator with PHP Script

Every once in awhile you need to hash a string real quick. Create a MD5 hash from a string using this MD5 Hash Generator. The strings entered and the MD5 hashes created on this page via the demo below are discarded after generation. They are not stored. Don’t trust me on that though! Use to demo to create your own MD5 hash page. If you are new to hashing, you might want to read the information below before using or downloading the MD5 generator script at the bottom of the page.

A little more information on hashing

MD5 Hashing is when you take a plain text string and use a cryptographic function to garble it up into a hash. Unlike encryption, hashing is a one way street and there is no “formula” for reversing the hash back into plain text. The great thing about hashing is that it is consistent. The MD5 hash for one of the most common user passwords, “monkey”, will alway be “d0763edaa9d9bd2a9516280e9044d885”.

So instead of storing your user’s passwords in plain text format you should hash them then store them. Next time your visitor logs into your website, they will enter their username and password, you will run the password string that they supply during login through the MD5 hash function again, and look for the match in the user table of your database.

Everything is secure now, right? Not so fast. We now know that the MD5 hash for “monkey” will always be “d0763edaa9d9bd2a9516280e9044d885”. So now that ‘monkey’ and it’s hash have been matched – that string and hash combo have been compromised! In fact, every common password and all dictionary passwords have already been matched with their MD5 counterparts and made available for reverse lookup. It would simply take a few simple queries to match the MD5 with a string.

So now we are back where we started with a database table full of MD5 hashed passwords that could compromise our site and users, should a hacker gain access to our table of login data.

Overcoming MD5 Weakness with Salting

The consistency of MD5 hashing is both its greatest strength and weakness. We can patch this flaw with “salting”.

Unless you have really strict password guidelines, most users will choose a short, simple password for their login. Passwords like abc123, password, and… “monkey” will be commonly used.

Salting is when you append an additional string to your user’s password before hashing it.

This will make even a stupid simple password like “monkey” unmatchable should your logins be compromised.

Here is how we would salt the stupid simple “monkey” password:

So now ‘monkey’ has been disguised. Whenever our registered user returns to our site and logins, all we have to do is consistently join our secret salt back to the users password before hashing and comparing the results stored in our login database.

PHP MD5 Hash Generator with PHP Script

I don’t store the strings created here, but you shouldn’t trust me on that! Use the code below to create your own PHP MD5 hash tool page.

This code contains PHP, so it needs to be saved on a page with a PHP extension. SQL injection is not a problem since we are not storing this information in a database… right?

A demo of this script is available below:

MD5 Value:

11 thoughts on “PHP MD5 Hash Generator with PHP Script

  1. Thanks man… :D, but i want to know about the php script of MD 5 decrypter generator

    Sorry for my bad english.. i Hope u understand

    1. This script is for encrypting (“hashing” would be the more correct word) a string. Reversing this process and going from hash to string is something else entirely. There is no algorithm for that process (a good thing!).
      Many dictionary words and common passwords have been hashed, using scripts like this, then saved into a database with both the string and its hash matched and saved. Then a person could search the database for the hash and find the matching string. This only works if the hash and string already exists in the database though. If the hash is not in the database, then you are out of luck.

          1. I mean I encrypt a password and then I decrypt that password, I know it’s not decryptable.

Comments are closed.

© 2024 Hoover Web Development, LLC Evansville, IN Web Design 812-250-9874