Md5() - Page 2

Shorty · 06-11-2006, 10:58 AM

One thing I like to do is this:
$password = md5($password);
$password = strrev($password);
Just as an added measure of confusion.

There's absolutely nothing stopping anyone adding dozens of sha1's and md5's, or whatever else they want to do. I imagine it makes them safer, but I suppose it's effectiveness wears off.

One thing I would reccomend is just do a few random letter replacements, the more the better. Just make sure you store them in an external include (.php so they cant be opened) so that you can call them again when handling logins etc.

ApeXX · 06-11-2006, 11:01 AM

Originally Posted by asgsoft

MD5, a hash encrytion of texts. although it is supposed to be uncovertable it can be converted back recently. it is a very easy function to use but uesed a lot in sending encrypted data and storing it, like this forum it uses it to store passwords. this is how it works:

PHP Code:

  $text="test text";

????: NamePros.com http://www.namepros.com/webmaster-tutorials/173486-md5.html
$encrypted= md5($text);

echo $encrypted;

this will ouput 1e2db57dd6527ad4f8f281ab028d2c70. but to make it more secure like what IPB does it to double encypt it. so it looks like this:

PHP Code:

  $text="test text";

$encrypted= md5(md5($text));

echo $encrypted;

this will output: a932721fa7514980123ca95f1e94cb47 which is harder to crack becuase it is an encrytption of an encryptiom.

hope that helps.

IPB also uses a salt, which I believe means they insert a random encrypted word into the final encryption pass.

tm · 06-11-2006, 11:33 AM

Originally Posted by ninedogger

doing md5(md5($string)) isn't necasarilly safer

No but something like
????: NamePros.com http://www.namepros.com/showthread.php?t=173486

PHP Code:

  $superencrypted = md5(sha1(md5(sha1(rand(0,1000000)).md5(sha1($str)));

is pratically unencryptable because there's no way somebody could guess how I encoded $superencrypted.

Dan · 06-11-2006, 12:40 PM

md5 is not decryptable.

They have giant databases with the word and it's hash. They try to find the hash you enter, and return the word.

If your encrypted text isn't completely basic (like 'hi'), they won't be able to tell you what it is.

tm · 06-11-2006, 01:16 PM

Not decryptable, but you can crack it by brute force. This is where you go through all the possible key combinations to see if it matches the original string.

Dan · 06-11-2006, 03:26 PM

You can crack anything with brute force, so saying that means nothing.

Quote:

$superencrypted = md5(sha1(md5(sha1(rand(0,1000000)).md5(sha1($str)) );

You can crack that by brute forcing. Have fun.

Tree · 06-11-2006, 04:47 PM

True. Anything that can be hashed can be "unhashed." Supercomputers combined with huge databases can "unhash" anything. Be it SHA1, MD5, MD4, or lesser know algorithms such as the AP, DEK, DJB, and the widely used ELF.

Combine supercomputers equivalent to those used for genetic sequencing and a database capable of more than 1.0873661566567430802736528525679*10^147 records (Oracle, IBM's DB2), and you'll have a database which can hold all possible combinations for a-z A-Z 0-9 and these special characters `~!@#$%^&*()_-+={[}]|\:;"'<,>.?/ for up to a string that is only 10 characters in length.

Quite large.

Tree · 06-12-2006, 07:11 AM

Found a Perl module just for this

http://search.cpan.org/~mwdhk/Digest...MD5/Reverse.pm

tm · 06-12-2006, 11:46 AM

Cool.

Somebody give me a 5 char md5

Dan · 06-12-2006, 12:22 PM

http://gdataonline.com/seekhash.php

That site doesn't crack it and the perl script just goes to the site.

06-11-2006, 01:16 PM	#30 (permalink)
tm Senior Member Join Date: Nov 2005 Location: on a oil rig just off Ireland Posts: 1,408	Not decryptable, but you can crack it by brute force. This is where you go through all the possible key combinations to see if it matches the original string. __________________ You design in photoshop, I code into valid XHTML/CSS. Professional PSD, PNG or HTML to tableless XHTML/CSS designs. For more info, send me a PM.

06-11-2006, 04:47 PM	#32 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	True. Anything that can be hashed can be "unhashed." Supercomputers combined with huge databases can "unhash" anything. Be it SHA1, MD5, MD4, or lesser know algorithms such as the AP, DEK, DJB, and the widely used ELF. Combine supercomputers equivalent to those used for genetic sequencing and a database capable of more than *1.087366156656743080273652852567910^147 records** (Oracle, IBM's DB2), and you'll have a database which can hold all possible combinations for a-z A-Z 0-9 and these special characters `~!@#$%^&()_-+={[}]\|\:;"'<,>.?/ for up to a string that is only 10 characters in length. Quite large. Last edited by Tree; 06-11-2006 at 04:59 PM.*

06-12-2006, 11:46 AM	#34 (permalink)
tm Senior Member Join Date: Nov 2005 Location: on a oil rig just off Ireland Posts: 1,408	Cool. Somebody give me a 5 char md5 __________________ You design in photoshop, I code into valid XHTML/CSS. Professional PSD, PNG or HTML to tableless XHTML/CSS designs. For more info, send me a PM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Md5	faisj	Programming	2	11-15-2005 09:29 PM
md5 table	axilant	Programming	4	06-29-2005 08:17 PM
MD5 or SHA1, which do you prefer?	nicholas	CODE	15	11-05-2004 12:00 PM

06-11-2006, 10:58 AM	#26 (permalink)
Shorty Senior Member Join Date: Sep 2005 Location: England Posts: 1,034	One thing I like to do is this: $password = md5($password); $password = strrev($password); Just as an added measure of confusion. There's absolutely nothing stopping anyone adding dozens of sha1's and md5's, or whatever else they want to do. I imagine it makes them safer, but I suppose it's effectiveness wears off. One thing I would reccomend is just do a few random letter replacements, the more the better. Just make sure you store them in an external include (.php so they cant be opened) so that you can call them again when handling logins etc.

06-11-2006, 12:40 PM	#29 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,792	md5 is not decryptable. They have giant databases with the word and it's hash. They try to find the hash you enter, and return the word. If your encrypted text isn't completely basic (like 'hi'), they won't be able to tell you what it is.

06-12-2006, 07:11 AM	#33 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Found a Perl module just for this http://search.cpan.org/~mwdhk/Digest...MD5/Reverse.pm

06-12-2006, 12:22 PM	#35 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,792	http://gdataonline.com/seekhash.php That site doesn't crack it and the perl script just goes to the site.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)