tags:

views:

48

answers:

4
Q: 

decrypt result from server

I'm trying to decrypt a variable that I've encrypted from my web server and haven't gotten any luck. I've encrypted the variable on the site using sha1(variable) in php, but am stuck trying to decrypt it once its passed back to the iphone. If you have any other code other than sha1 that works, im happy with that too. thanks

+3  A: 

SHA1 is not an encryption technique.

SHA1 is a hash. It is designed to be irreversible.

Jonathan Leffler  2010-08-16 04:38:16
so what would be the most secure way to lets say retrieve a password thats returned as a JSON? (without showing the actual password)
Joseph Stein  2010-08-16 04:44:59
@Joseph: You check whether what the user gave you can be hashed (with its salt) to the value that was stored. The salt is a random number that you (a) keep and (b) add to the user-provided password. It ensures that even if everyone uses the same password, the hash values are all different.
Jonathan Leffler  2010-08-16 04:55:02
+2  A: 

You cannot decrypt a one-way hash. Key words here are one-way. The hashing algorithm only works one way.

In order to do a validity check, you should first compute the hash of the other string, then compare those.

Jacob Relkin  2010-08-16 04:40:29
ok, but in this case I need to know the original. How can I do this securely?
Joseph Stein  2010-08-16 04:46:39
Why can't you just apply the hash and **then** compare?
Jacob Relkin  2010-08-16 04:53:32
@Joseph: why do you need to know the original? It is generally reckoned to be bad practice to store the original password.
Jonathan Leffler  2010-08-16 04:56:26
I'm doing a lookup reference. The result could be an email address, a password, etc.
Joseph Stein  2010-08-16 04:58:59
A: 

If you have the password hashed, then you shouldn't need to 'un-hash' it, right? That's the whole point. You have the password stored in the db/server as a hash, and when you need to check it, you hash the user's login attempt and compare. Or perhaps I'm missing something?

Jorge Israel Peña  2010-08-16 04:48:15
+1  A: 

True, MD5 & SHA1 are one way hash algorithms. If you want to be able to encode and then decode a variable you will need to use the mcrypt functions.

Meloth  2010-08-16 05:34:07
Thanks Meloth. Do you happen to know any sample code for decrypting a variable on the iphone side?
Joseph Stein  2010-08-16 12:54:47
Here's a class I wrote some time back. It should give you a good start. http://pastebin.com/ffUNgRfC
Meloth  2010-08-16 16:25:07

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases