Does anyone know ,how can a md5 generated value be converted back to normal string and its not about hacking.

It's impossible. That's the whole point of using a hash function.

But if you do figure it out, let me know & we'll share a Turing award.

Rainbow tables are the only way to know what a the hash could be, but due to the fact that MD5 is a one way encryption it's not worth the time/effort.

If you want to encrypt something, that can be decrypted use Base64.

Suppose I wanted to change md5 hashed string already stored, then through using md5, it can’t be done. Right? And wont using base64 would reduce the security?

the md5 hash is a one way encryption. it cannot be undone. the only way to "undo" it is to just bruteforce test every combination of characters until you get a matching hash. this is because you will always get the same hash when you md5 something. this is useful for password storage because u can check if the stored md5 hash is the same as the inputted md5 hash to see if it authenticates or not.

base64_encode is much less secure because all that's required is base64_decode. if you want to be able to decrypt information but still maintain security integrity, i suggest looking into the php mcrypt function. it's an extension, but your host should install it for you (if its not already installed, i know for a fact that hostmonster has it isntalled already - just do a function_exists('mcrypt') to check if its installed or not). it supports a wide range of encryption, such as blowfish, aes, etc., and you can supply your own key. since it uses a key to generate the encrypted version, it is more difficult to break because each distinct key generates a different encrypted and decrytped value and the only way the encrypted text could be decrypted would be with the correct key.

bas64 transformations are encoding, not encyrption. Don't use it for anything secure. The math gods have hacked md5, so there goes the Turing. Switch to using the hash() function in PHP with something like SHA512. That'll give you a few more years of security though you'll have to reset all the stored data.

Nasaboy's advice was solid.

To understand why you can't undo hashes, think about this: 1 string in gives 1 string out, another string in may give the same string out, so going backwards may give us more than 1 possible result. These potential duplications which are rare and the complicated mathematics behind it make it impossible to go backwards.

I believe AES is the current standard for encryption (a method supported by mcrypt).

Thanks for the valuable guidance.

when i work with md5 for say a password, I usually like to convert the pass to a hash $hash = md5($client_pass) then md5 that hash again to a little more security $match_pass = md5($hash)

Then when anything in regards to the client pass is dealt with, I just do the same thing again to see if there's a match.

I use salts with my hash like

PHP Code:

$pass = "78967";
$salt = dsfg"";
$hash = md5($pass.md5($salt));
$hash = md5($hash.$salt); // do this with sha512 also.