Md5 and Salt in Mysql

Question

how can "decode" the password stored in various e-commerce adding "salt". I'm not crypth experts... so, in past, i used something like:

SELECT * FROM mytable WHERE email=@email AND passwd=MD5(@pwd) 

MySql MD5 function accept only one parameter... How can i do if i have a Salt string ? Thanks

Answer 1

You need to add a column in mytable called salt and then retrieve this value when creating the MD5 Hash:

SELECT * FROM mytable WHERE email=@email AND passwd=MD5(salt + ':' +@pwd)

When inserting the record you would do:

INSERT INTO mytable(email, salt, passwd)
VALUES (@email, @salt, MD5(salt + ':' + @pwd)