Reversable Encryption OR Storing Passwords online - Page 2

abdulmueid · 05-24-2006, 03:37 PM

From what i've read, mcrypt and base64 use a fixed algorithm for encrypting data so they know that by reversing that algo, it is decrypted.

Now a hash like MD5 generates a random algorithm at the time of encryption, encrypts the string and now the algorithm doesn't exist anymore.. therefore irreversible. Correct me if I am wrong.. someone.

PoorDoggie · 05-24-2006, 03:41 PM

wow, that is absolutely ingenious!

I would never have thought of that.

Theoretically, that algorithm is reversible if found out though right?

I am thinking if there is anyway of doing something like that, but then with a reversible function. Maybe storing an encryption key in the string or something? I suppose it will still be reversible, but then again the more ambiguous, the more secure right?

abdulmueid · 05-24-2006, 03:52 PM

A hash is definately more secure than anything else... but I would still prefer to have my own algorithm.

And yes, the more ambiguous, the more secure..

nasaboy007 · 05-24-2006, 04:33 PM

Quote:

Now a hash like MD5 generates a random algorithm at the time of encryption, encrypts the string and now the algorithm doesn't exist anymore.. therefore irreversible. Correct me if I am wrong.. someone.

how could that be? if it made a new algorithm each time, it would not get the same result from the same input text each time.
????: NamePros.com http://www.namepros.com/programming/199278-reversable-encryption-or-storing-passwords-online.html

Quote:

I am thinking if there is anyway of doing something like that, but then with a reversible function. Maybe storing an encryption key in the string or something? I suppose it will still be reversible, but then again the more ambiguous, the more secure right?

as for that, how about u just pick like the 2nd letter (or better yet, make it like the second to last letter so that it changes depending on the length of the actual password) and convert that into binary. then once thats binary i guess u cud convert that back into its numerical value rather than text and use that as ur key value. of course, this number will most likely be INSANELY GINORMOUSLY LARGE for the purpose of base64 multiple times. so i suggest then taking that base 10 (decimal) value and subjecting it to various mathematical functions that will bring it down to a smaller value if it is over a certain value. of course, if the number comes down to something less than 10 (or w/e) it sumwhat defeats the purpose of doing all this since u wanted to generate a key that would be hard to brute force...

well if there was a better way to encode (much much faster) than base64, that method above (minus the whole make the humongous number smaller thing) would probably be the best bet.

as for decrypting it... ehhhhhhhhh

-_- damn it i did all that work and realized that it would be impossible (or next to impossible) to decode that sort of encryption without the original password...

well unless sum1 can think of one, cuz my brain is fried X_X

but hey thats a good idea

PoorDoggie · 05-25-2006, 03:49 AM

lol - I think I will just take a key and do hurrendous mathematical stuff to it, and then base64 it a few times depending on the size of the resulting number!

lol - a long string is a little bit OTT maybe.

Shorty · 05-25-2006, 11:13 AM

I was thinking yesterday, that if you did a few random string manipulation things and character replacements before you md5() the string, it would be a million times more secure...because, when the hacker brute forces the hash, instead of getting the password he'll get the manipulated version, and they'd still have to know what replaces what before they get the original...

And now that I think about that...imagine having a set of string replacements, then md5()'ing it, THEN manipulating the hash AGAIN and then md5()'ing it again...

PoorDoggie · 05-25-2006, 01:54 PM

kinda like my base64 method, but with md5? Thats a good idea, just to make it that little bit more secure. What I have done in the past is taken the first 16 letters of an md5 string and put them at the end. This way the string is different, but it also means more php code, and less efficient code.

nasaboy007 · 05-26-2006, 08:08 PM

but i thot the whole point of this was to make it decryptable... whats the point of using md5 if u cant decrypt that?

Tree · 05-27-2006, 08:25 AM

Just so you know, md5 is way more efficient than base64. Multiple instances anyways. On my server it seems to be different.

http://www.ncisolutions.com/misc/base64_md5.php

Try it out on your own server:

PHP Code:

  <?php 

function dbConnect(){

    mysql_connect("localhost","*************","******")

        or die("Couldn't connect to the database because ".mysql_error());

    mysql_select_db("*************")

        or die("Couldn't select database because ".mysql_error());

}

 
function randomChar($length)

{

$password = "";

$possible = "0123456789abcdefghijklmnopqrstuvwxyz";

$i = 0;

while ($i < $length) {

$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);

if (!strstr($password, $char)) {

$password .= $char;

$i++;

}

 
}

return $password;

}

$string = randomChar(rand(7,rand(8,rand(9,rand(rand(15,21),rand(22,37))))));

????: NamePros.com http://www.namepros.com/showthread.php?t=199278
for ($i=0;$i<50;$i++){

$timeparts = explode(' ',microtime());

$thetime = $timeparts[1].substr($timeparts[0],1);

 
$md5_string = md5($string);

 
$timeparts = explode(' ',microtime());

$starttime = $timeparts[1].substr($timeparts[0],1);

$timeparts = explode(' ',microtime());

$endtime = $timeparts[1].substr($timeparts[0],1);

$difference[$i] = bcsub($endtime,$starttime,6);

}

$md5_endtime = (array_sum($difference))/50;

 
for ($i=0;$i<50;$i++){

$timeparts = explode(' ',microtime());

$thetime = $timeparts[1].substr($timeparts[0],1);

 
$base64_string = base64_encode($string);

 
$timeparts = explode(' ',microtime());

$starttime = $timeparts[1].substr($timeparts[0],1);

$timeparts = explode(' ',microtime());

$endtime = $timeparts[1].substr($timeparts[0],1);

$difference[$i] = bcsub($endtime,$starttime,6);

}

$base64_endtime = (array_sum($difference))/50;

 
echo "<b>Original String:</b>".$string."<br><br>";

echo "<b>Final md5 Time:</b> ";

echo number_format($md5_endtime, 70, '.', '');

echo "<br>";

echo "Final md5 String: ";

echo $md5_string;

echo "<br><br><b>Final base64 Time:</b> ";

echo number_format($base64_endtime, 70, '.', '');

echo "<br>";

echo "Final base64 String: ";

echo $base64_string;

echo "<br><br><b>Fastest:</b> ";

dbConnect();

if ($md5_endtime < $base64_endtime) 

{

    echo "MD5 <br><b>By</b> ".number_format($base64_endtime-$md5_endtime, 70, '.', '')." <b>seconds</b>.";

    $query = mysql_query("SELECT * FROM `base64_md5`");

    $row = mysql_fetch_array($query);

    $newval = $row['md5']+1;

    mysql_query("UPDATE `base64_md5` SET `md5` = '$newval' WHERE `id` =0 LIMIT 1 ;");

}

if ($md5_endtime > $base64_endtime) 

{

    echo "Base64 <br><b>By</b> ".number_format($md5_endtime-$base64_endtime, 70, '.', '')." <b>seconds</b>.";

    $query = mysql_query("SELECT * FROM `base64_md5`");

    $row = mysql_fetch_array($query);

    $newval = $row['base64']+1;

    mysql_query("UPDATE `base64_md5` SET `base64` = '$newval' WHERE `id` =0 LIMIT 1 ;");

}

echo "<center><b><br><br>Total Wins</b><hr></center><br><br>";

$query = mysql_query("SELECT * FROM `base64_md5`");

????: NamePros.com http://www.namepros.com/showthread.php?t=199278
$row = mysql_fetch_array($query);

echo "<b>MD5:</b> ".$row['md5']."<br>";

echo "<b>Base64:</b> ".$row['base64'];

echo "<br><br><b>Last Calculation:</b> ".$row['date'];

mysql_query("UPDATE `base64_md5` SET `date` = '".date("Y-m-d h:i:s")."' WHERE `id` =0 LIMIT 1 ;"); 

mysql_close();

Someone else from NamePros originally gave me this script. I can't remember who it was, sorry. I did make some modifications though.

Thanks to t.m. for the random characters function.

*Added database functionality to track wins/losses

PoorDoggie · 05-27-2006, 03:54 PM

nope... base64 is more efficient, it has won way more times...

Originally Posted by Tree

Just so you know, md5 is way more efficient than base64

nasaboy: I wan't using md5 as an encryption option, but merely explaining methods of storage I have used in the past.
????: NamePros.com http://www.namepros.com/showthread.php?t=199278

Tom

Tree · 05-27-2006, 06:52 PM

Multiple instances of md5, I believe, is faster than multiple instances of base64. But it may be server-specific. I don't know. That's why I want people to try the code themselves.

05-26-2006, 08:08 PM	#33 (permalink)
nasaboy007 Senior Member Join Date: Jul 2005 Location: NJ Posts: 1,219	but i thot the whole point of this was to make it decryptable... whats the point of using md5 if u cant decrypt that? __________________ Hacksar.com - Your source for random computer tips and tricks! MySiteMemberships.com - Keep track of your site registration information! Like my post? Rep is appreciated!

05-27-2006, 08:25 AM	#34 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Just so you know, md5 is way more efficient than base64. Multiple instances anyways. On my server it seems to be different. http://www.ncisolutions.com/misc/base64_md5.php Try it out on your own server: PHP Code: <?php function dbConnect(){ mysql_connect("localhost","***********","**") or die("Couldn't connect to the database because ".mysql_error()); mysql_select_db("**********") or die("Couldn't select database because ".mysql_error()); } function randomChar($length) { $password = ""; $possible = "0123456789abcdefghijklmnopqrstuvwxyz"; $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } $string = randomChar(rand(7,rand(8,rand(9,rand(rand(15,21),rand(22,37)))))); ????: NamePros.com http://www.namepros.com/showthread.php?t=199278 for ($i=0;$i<50;$i++){ $timeparts = explode(' ',microtime()); $thetime = $timeparts[1].substr($timeparts[0],1); $md5_string = md5($string); $timeparts = explode(' ',microtime()); $starttime = $timeparts[1].substr($timeparts[0],1); $timeparts = explode(' ',microtime()); $endtime = $timeparts[1].substr($timeparts[0],1); $difference[$i] = bcsub($endtime,$starttime,6); } $md5_endtime = (array_sum($difference))/50; for ($i=0;$i<50;$i++){ $timeparts = explode(' ',microtime()); $thetime = $timeparts[1].substr($timeparts[0],1); $base64_string = base64_encode($string); $timeparts = explode(' ',microtime()); $starttime = $timeparts[1].substr($timeparts[0],1); $timeparts = explode(' ',microtime()); $endtime = $timeparts[1].substr($timeparts[0],1); $difference[$i] = bcsub($endtime,$starttime,6); } $base64_endtime = (array_sum($difference))/50; echo "<b>Original String:</b>".$string."<br><br>"; echo "<b>Final md5 Time:</b> "; echo number_format($md5_endtime, 70, '.', ''); echo "<br>"; echo "Final md5 String: "; echo $md5_string; echo "<br><br><b>Final base64 Time:</b> "; echo number_format($base64_endtime, 70, '.', ''); echo "<br>"; echo "Final base64 String: "; echo $base64_string; echo "<br><br><b>Fastest:</b> "; dbConnect(); if ($md5_endtime < $base64_endtime) { echo "MD5 <br><b>By</b> ".number_format($base64_endtime-$md5_endtime, 70, '.', '')." <b>seconds</b>."; $query = mysql_query("SELECT FROM `base64_md5`"); $row = mysql_fetch_array($query); $newval = $row['md5']+1; mysql_query("UPDATE `base64_md5` SET `md5` = '$newval' WHERE `id` =0 LIMIT 1 ;"); } if ($md5_endtime > $base64_endtime) { echo "Base64 <br><b>By</b> ".number_format($md5_endtime-$base64_endtime, 70, '.', '')." <b>seconds</b>."; $query = mysql_query("SELECT * FROM `base64_md5`"); $row = mysql_fetch_array($query); $newval = $row['base64']+1; mysql_query("UPDATE `base64_md5` SET `base64` = '$newval' WHERE `id` =0 LIMIT 1 ;"); } echo "<center><b><br><br>Total Wins</b><hr></center><br><br>"; $query = mysql_query("SELECT * FROM `base64_md5`"); ????: NamePros.com http://www.namepros.com/showthread.php?t=199278 $row = mysql_fetch_array($query); echo "<b>MD5:</b> ".$row['md5']."<br>"; echo "<b>Base64:</b> ".$row['base64']; echo "<br><br><b>Last Calculation:</b> ".$row['date']; mysql_query("UPDATE `base64_md5` SET `date` = '".date("Y-m-d h:i:s")."' WHERE `id` =0 LIMIT 1 ;"); mysql_close(); Someone else from NamePros originally gave me this script. I can't remember who it was, sorry. I did make some modifications though. Thanks to t.m. for the random characters function. Added database functionality to track wins/losses Last edited by Tree; 05-27-2006 at 02:42 PM.*

05-24-2006, 03:37 PM	#26 (permalink)
abdulmueid Account Closed Join Date: Jun 2005 Location: Mozambique Posts: 607	From what i've read, mcrypt and base64 use a fixed algorithm for encrypting data so they know that by reversing that algo, it is decrypted. Now a hash like MD5 generates a random algorithm at the time of encryption, encrypts the string and now the algorithm doesn't exist anymore.. therefore irreversible. Correct me if I am wrong.. someone.

05-24-2006, 03:41 PM	THREAD STARTER #27 (permalink)
PoorDoggie Soon to be RICHdoggie! Join Date: Jan 2005 Location: UK Posts: 2,408	wow, that is absolutely ingenious! I would never have thought of that. Theoretically, that algorithm is reversible if found out though right? I am thinking if there is anyway of doing something like that, but then with a reversible function. Maybe storing an encryption key in the string or something? I suppose it will still be reversible, but then again the more ambiguous, the more secure right?

05-24-2006, 03:52 PM	#28 (permalink)
abdulmueid Account Closed Join Date: Jun 2005 Location: Mozambique Posts: 607	A hash is definately more secure than anything else... but I would still prefer to have my own algorithm. And yes, the more ambiguous, the more secure..

05-25-2006, 03:49 AM	THREAD STARTER #30 (permalink)
PoorDoggie Soon to be RICHdoggie! Join Date: Jan 2005 Location: UK Posts: 2,408	lol - I think I will just take a key and do hurrendous mathematical stuff to it, and then base64 it a few times depending on the size of the resulting number! lol - a long string is a little bit OTT maybe.

05-25-2006, 11:13 AM	#31 (permalink)
Shorty Senior Member Join Date: Sep 2005 Location: England Posts: 1,034	I was thinking yesterday, that if you did a few random string manipulation things and character replacements before you md5() the string, it would be a million times more secure...because, when the hacker brute forces the hash, instead of getting the password he'll get the manipulated version, and they'd still have to know what replaces what before they get the original... And now that I think about that...imagine having a set of string replacements, then md5()'ing it, THEN manipulating the hash AGAIN and then md5()'ing it again...

05-25-2006, 01:54 PM	THREAD STARTER #32 (permalink)
PoorDoggie Soon to be RICHdoggie! Join Date: Jan 2005 Location: UK Posts: 2,408	kinda like my base64 method, but with md5? Thats a good idea, just to make it that little bit more secure. What I have done in the past is taken the first 16 letters of an md5 string and put them at the end. This way the string is different, but it also means more php code, and less efficient code.

05-27-2006, 06:52 PM	#36 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Multiple instances of md5, I believe, is faster than multiple instances of base64. But it may be server-specific. I don't know. That's why I want people to try the code themselves.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)