Shorty

One thing I like to do is this:
$password = md5($password);
$password = strrev($password);
Just as an added measure of confusion.

There's absolutely nothing stopping anyone adding dozens of sha1's and md5's, or whatever else they want to do. I imagine it makes them safer, but I suppose it's effectiveness wears off.

One thing I would reccomend is just do a few random letter replacements, the more the better. Just make sure you store them in an external include (.php so they cant be opened) so that you can call them again when handling logins etc.

Please register or log-in into NamePros to hide ads

ApeXX

Originally Posted by asgsoft

MD5, a hash encrytion of texts. although it is supposed to be uncovertable it can be converted back recently. it is a very easy function to use but uesed a lot in sending encrypted data and storing it, like this forum it uses it to store passwords. this is how it works: PHP Code: $text="test text"; $encrypted= md5($text); echo $encrypted; this will ouput 1e2db57dd6527ad4f8f281ab028d2c70. but to make it more secure like what IPB does it to double encypt it. so it looks like this: PHP Code: $text="test text"; $encrypted= md5(md5($text)); echo $encrypted; this will output: a932721fa7514980123ca95f1e94cb47 which is harder to crack becuase it is an encrytption of an encryptiom. hope that helps.

IPB also uses a salt, which I believe means they insert a random encrypted word into the final encryption pass.

__________________
Travel Directory: http://www.travel247365.com/
Deep Link Directory: http://www.deeplink.us/
Googlest.com - As Seen On G4TV & Wired Magazine
SeatBeltPads.com (TM) Custom & Show Quality

tm

Originally Posted by ninedogger

doing md5(md5($string)) isn't necasarilly safer

No but something like

is pratically unencryptable because there's no way somebody could guess how I encoded $superencrypted.

__________________

Dan

md5 is not decryptable.

They have giant databases with the word and it's hash. They try to find the hash you enter, and return the word.

If your encrypted text isn't completely basic (like 'hi'), they won't be able to tell you what it is.

tm

Not decryptable, but you can crack it by brute force. This is where you go through all the possible key combinations to see if it matches the original string.

__________________

Dan

You can crack anything with brute force, so saying that means nothing.

Quote:

$superencrypted = md5(sha1(md5(sha1(rand(0,1000000)).md5(sha1($str)) );

You can crack that by brute forcing. Have fun.

Tree

True. Anything that can be hashed can be "unhashed." Supercomputers combined with huge databases can "unhash" anything. Be it SHA1, MD5, MD4, or lesser know algorithms such as the AP, DEK, DJB, and the widely used ELF.

Combine supercomputers equivalent to those used for genetic sequencing and a database capable of more than 1.0873661566567430802736528525679*10^147 records (Oracle, IBM's DB2), and you'll have a database which can hold all possible combinations for a-z A-Z 0-9 and these special characters `~!@#$%^&*()_-+={[}]|\:;"'<,>.?/ for up to a string that is only 10 characters in length.

Quite large.

__________________
NCIDev.com

Tree

Found a Perl module just for this

http://search.cpan.org/~mwdhk/Diges.../MD5/Reverse.pm

__________________
NCIDev.com

tm

Cool.

Somebody give me a 5 char md5 :P

__________________