As already mentioned, you cannot decrypt MD5 without attempting something like hacking brute force, which is extremely resource-intensive, impractical and unethical.

However, you can use something like this to safely encrypt / decrypt / etc passwords:

 $input = "SmackFactory"; $encrypted = encryptIt( $input ); $decrypted = decryptIt( $encrypted ); echo $encrypted . '<br />' . $decrypted; function encryptIt( $q ) { $cryptKey = 'qJB0rGtIn5UB1xG03efyCp'; $qEncoded = base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), $q, MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ) ); return( $qEncoded ); } function decryptIt( $q ) { $cryptKey = 'qJB0rGtIn5UB1xG03efyCp'; $qDecoded = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), base64_decode( $q ), MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ), "\0"); return( $qDecoded ); } 

Using the encypted salt method would be even safer, but that would be a good next step after using the MD5 hash.

This question is tagged by PHP. But many people now use Laravel. This may help someone in the future. That is why I am responsible for Laravel. Easier to encrypt and decrypt using internal functions.

 $string = 'c4ca4238a0b923820dcc'; $encrypted = \Illuminate\Support\Facades\Crypt::encrypt($string); $decrypted_string = \Illuminate\Support\Facades\Crypt::decrypt($encrypted); var_dump($string); var_dump($encrypted); var_dump($decrypted_string); 

Note. Be sure to set a random string of 16, 24 or 32 characters to the key version of the config / app.php file. Otherwise, encrypted values ​​will not be secure.

But you should not use encryption and decryption for authentication. Rather, you should use a hash code and check.

To save the password in the database, enter the password hash and then save.

 $password = Input::get('password_from_user'); $hashed = Hash::make($password); // save $hashed value 

To verify the password, enter the password from the database

 // $user is database object // $inputs is Input from user if( \Illuminate\Support\Facades\Hash::check( $inputs['password'], $user['password']) == false) { // Password is not matching } else { // Password is matching } 

Hashes cannot be decrypted to verify this .

If you want to encrypt-decrypt, use the two-way encryption function of your database, for example AES_ENCRYPT (in MySQL).

But I will suggest the CRYPT_BLOWFISH algorithm for storing a password. Read this http://php.net/manual/en/function.crypt.php and http://us2.php.net/manual/en/function.password-hash.php

For Blowfish crypt() function -

 crypt('String', '$2a$07$twentytwocharactersalt$'); 

password_hash will be introduced in PHP 5.5.

 $options = [ 'cost' => 7, 'salt' => 'BCryptRequires22Chrcts', ]; password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options); 

After you have saved the password, you can check if the user entered the correct password by associating it again and comparing it with the saved value.