(Found It)

Now a new question...how do you decrypt the password stored in the database?

Sorry for asking, but why would you need to?

I do not think that it would be auto decrypted, since it would cause security concerns.

I'm basicly testing out my site and if it can be hacked. I do know that the password output is encrypted with md5, which is one way. But I have noticed that if you have a generator and use the same password such as "password" the output of the encryption stays the same and doesn't change variables. So, If someone was using something like brute force with the md5 encryter, with a catcher to record the input and output of every character and combination it would be possible to crack (if you even consider it that) the md5 encryption.

I basicly answered my own question. But then I realized that it would require access to the databases, so there are several layers of protection before I could even access the md5 output.

Wheew...this is a little confusing.

Wonder if Symantec would give me money if I actually firgured out a way to crack the encryption?

Lol....yeah right.

Yes you did answer your own question. This is why the importance of secure passwords. Although the encryption is possible to be broken, making the passwords secure enough could cause an attacker to spend months breaking it (if not years with heavy encryption.

And yes getting access to the database is another password protected layer of defense. The most vulnerable parts of the equation is the users and possible trojan (keylogger) infestation.

Sorry getting offtopic but this is my area of interest, Security-computer/network.

Correction regarding MD5's security:

A method of producing collisions in MD5 and related algorithms has been discovered that is more efficient than brute-force. What this means is that an attacker can produce two strings that hash to the same result in a "reasonable" amount of time.

This does NOT mean that an attacker can a) decrypt an MD5 hash or b) find another string that will MD5 to the same value. So MD5 protected passwords cannot be attacked by this method.

Note that all hashes have collisions in them-- reducing an infinite set of inputs to a finite set of outputs must have duplicates.

For all of those who still ignore it, SHA-0, MD5 and HAVAL-128 hashing algorithms are broken.

For more information, please visit :
http://www.cryptography.com/cnews/hash.html

And this is the reason that companies in the future will not use passwords alone. In the near future (and some now) it will be a pin number and security token to access secure data, or biometrics.