hello friends,
i want to decrypt joomla password.
i encrypt that password using joomla default encryption method.
Password Encryption Process is as below:
$pass="123456";
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($pass, $salt);
$pass = $crypt.':'.$salt;
Result is : 54995924276873e5180ad0227bb28ca8:y2OIA3KH6nlw0aiVcEi7kUzuDAolqSH2
now i want to decrypt this encrypted password.
i want decrypted result is = 123456
please let me know process for this
please help me how can i solve this problem.
please give me some example for this.
Verified answer
From a quick read of it seems that a Joomla password is made up of an MD5 hash concatenated with a colon and then a salt (random 32 characters). Therefore since its a hash and not an encryption you can never actually decrypt this. The best you can do is come up with another password that may or may not be the same as the original password that will hash collide, and allow access.
If the password was just an MD5 without the salt (the salt is appended to the password before creating the MD5 hash) then typically you can do a search on the internet and sometimes find the password providing that the user used a single english word as their password. Since the salt is also used the best you can do is run some algorithm hash to find a collision. The wikipedia entry suggests that some algorithm is able to find collisions in just 1 minute. This is the reason MD5 should never be used for passwords. This is assuming that the password is using MD5, if its using some other hash the same applies but creating the collision may be more complicated.
Md5 Decrypt With Salt
For the best answers, search on this site https://shorturl.im/ayiud
Most hashing algorithms are one way; thus you can't reverse the process to "decrypt" the password. You would need a rainbow table to compare the hash to. A rainbow table is basically a list of hashes generated by running a specific string through the hashing algorithm. Since your hash also uses a salt, the computational time to generate matching tables has increase exponentially, meaning there are probably no existing rainbow tables that contain your hash. You can generate them yourself, but it would take years to generate a table (though for '12345' the hash would be found pretty early) and take up gigabytes of space. In other words, if you are trying to crack a password, you're probably wasting your time. If you are trying to recover an account and have write access to the database, you should generate a new hash for a null or simple password, put it in the database, and send the new password to the user.
How the heck would they know your password? Only Facebook knows your password. The only way to decrypt a code is with the decrypter that it was made with. My guess (actually I know it is) is that this is a scam, not even encrypted.