Jan 26 2005, 10:39 PM
Post #1
Newbie; Group: Members; Posts: 1; Joined: 26-January 05; Member No.: 3,446
I love md5 encryption

CODE
```php
<?php
/*
A simple MD5 password encryption tool
Created By: gikid
*/

// Creates a variable holding the password
$password = "The_Password";

// Encrypts the password into an "irreversible" MD5 form
$encpass = md5($password);

// Prints out the encrypted password
print($encpass);
?>
```
you should try it out

Jan 27 2005, 08:03 AM
Post #2
Advanced Member; Group: Members; Posts: 114; Joined: 9-August 04; From: Suzhou Jiangsu China; Member No.: 743
QUOTE(gikid @ Jan 26 2005, 10:39 PM)
> I love md5 encryption
>
> CODE
> ```php
> <?php
> /*
> A simple MD5 password encryption tool
> Created By: gikid
> */
>
> // Creates a variable holding the password
> $password = "The_Password";
>
> // Encrypts the password into an "irreversible" MD5 form
> $encpass = md5($password);
>
> // Prints out the encrypted password
> print($encpass);
> ?>
> ```
> you should try it out

Me, too. All the passwords in my applications are ciphered by MD5. It's a one-way hashing algorithm.

Jan 28 2005, 06:24 AM
Post #3
Advanced Member; Group: Members; Posts: 144; Joined: 24-July 04; From: Arizona; Member No.: 189
wtf way too long a script, all that is so easy you don't even need the comments

CODE
```php
<?php
echo md5('The_Password');
?>
```
See how I did that with ONE and ONLY ONE line?

Oct 13 2006, 08:31 AM
Post #4
Super Member; Group: Members; Posts: 357; Joined: 8-April 06; Member No.: 21,487
Dear gikid, I love md5 too,
but md5 is not very secure. I think now all hackers can recode md5, and it's not good. You can make a custom md5; for example, vb (forum) saves a custom md5 password: bind the real password and the real day of signup and then md5 this string. Have a good day.

Oct 13 2006, 08:48 AM
Post #5
Premium Member; Group: Members; Posts: 162; Joined: 10-May 06; Member No.: 23,375; myCENT: NEGATIVE[-4.47]
Well, you should use a salt for additional security.
Now, a salt is an additional number that is specific only to the user, like his ID or day of signup. This is because MD5 gives the same encrypted text for some words (though one in a million match). So for additional security from hackers and for the safety of the users, use a salt like the user's ID. Just join the user's ID with the password given by him and then use md5 to encrypt it. That should do the trick. Also, sha1() is a more popular and believed to be safer encrypting technique for the passwords and secret answers to the questions.

Oct 14 2006, 07:30 PM
Post #6
Privileged Member; Group: Members; Posts: 535; Joined: 14-February 05; From: Oslo, Norway; Member No.: 3,759
md5 is not possible to "decrypt", so it's very safe. The only way to find out what the MD5 hash is, would be to either brute force or to search in an md5 database. MD5 databases are databases storing thousands of MD5 hashes and the words they are linked to.
If you salt the passwords, there won't be any databases that store a password with a salt (not any large databases as far as I know), so doing an md5 with this script should be very secure:

CODE
```php
<?php
$hash = md5($password . $user_registration_date . $password . $user_id . $username);
?>
```
It might be a long code, but hey, it's safe!

Oct 14 2006, 08:06 PM
Post #7
Super Member; Group: Members; Posts: 204; Joined: 6-October 04; From: London, uk; Member No.: 1,444
There's no way anybody could crack that
IMO even this would be enough:

CODE
```php
<?php
$hash = md5($password . $user_id);
?>
```
Because those databases won't have every word combined with every number

Oct 15 2006, 03:46 AM
Post #8
Premium Member; Group: Members; Posts: 162; Joined: 10-May 06; Member No.: 23,375; myCENT: NEGATIVE[-4.47]
That's right, and that is why I suggested to use a salt, as MD5 dictionaries use normal English words only, not user IDs.

Oct 15 2006, 07:02 AM
Post #9
Privileged Member; Group: Members; Posts: 873; Joined: 30-July 04; Member No.: 246
Using a salt is certainly a good idea, but it is not 100% secure. Even combining details as mentioned by Amezis isn't going to absolutely guarantee against the password being broken. In order for a password to work, you are obviously going to need to re-hash it from plaintext at some point in order to compare it against the already hashed password stored in the database - and if someone manages to obtain the exact code you are using to do this, re-creating the hash isn't going to be overly difficult. In Amezis' example, for instance, the attacker would simply need to obtain all the details that are being combined to create the hash - which they would presumably have if they were sniffing around your database to get the final hash in the first place - and then combine the applicable data with possible password combinations and run it through a dictionary cracker. It might be slightly more difficult, but it's certainly possible. IPB, for example, uses (or at least it used to use) a simple 4-character password salt which was hashed, and that hash was then concatenated with the plaintext password and hashed again, and the final value was stored in the database as the user's password. But all that had to be retrieved was the salt and the hash, and this process could very easily be repeated by anyone in order to eventually uncover the password.
This post has been edited by Spectre: Oct 15 2006, 07:04 AM
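
Added example, not part of any post in this thread: post #9 observes that a salt built from stored account data does not make each guess any more expensive once the table has been read. The PHP below sets the thread's `md5($password . $user_id)` scheme beside PHP's built-in `password_hash()` / `password_verify()`, upgrades a legacy record at login, and times one hash of each kind. The function names, the 32-hex-digit legacy check and the sample account are assumptions made for illustration.

```php
<?php
// Added example; user id, passwords and function names are constructed.

// Scheme from posts #6 and #7: one fast MD5 call, salted with a value that
// sits in the same database row as the hash.
function legacy_hash(string $password, int $userId): string {
    return md5($password . $userId);
}

// password_hash() draws a random salt per call and uses a deliberately slow
// algorithm (bcrypt by default); salt and cost are stored inside the result.
function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login against either record type. Returns [accepted, hash to store],
// so a legacy MD5 record is replaced the first time its owner logs in.
function login(string $password, int $userId, string $stored): array {
    $isLegacy = strlen($stored) === 32 && ctype_xdigit($stored);
    if ($isLegacy) {
        $ok = hash_equals($stored, legacy_hash($password, $userId));
        return [$ok, $ok ? store_password($password) : $stored];
    }
    $ok = password_verify($password, $stored);
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $stored = store_password($password);
    }
    return [$ok, $stored];
}

// Cost of one hash computation, which is also the cost of one guess for
// anyone holding a copy of the table.
function seconds_per_hash(callable $fn, int $runs): float {
    $start = microtime(true);
    for ($i = 0; $i < $runs; $i++) {
        $fn("candidate-$i");
    }
    return (microtime(true) - $start) / $runs;
}

$userId = 42;                                    // constructed sample account
$legacy = legacy_hash('The_Password', $userId);  // what the old table holds
[$ok, $upgraded] = login('The_Password', $userId, $legacy);
var_dump($ok, password_verify('The_Password', $upgraded));
printf("md5: %.2e s/hash, password_hash: %.2e s/hash\n",
    seconds_per_hash(fn($p) => legacy_hash($p, $userId), 100000),
    seconds_per_hash('store_password', 5));
```

The two timings differ by several orders of magnitude on ordinary hardware, and the bcrypt cost can be raised over time through the `cost` option of `password_hash()`.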