NamePros
Welcome, Guest! Ready to make a name for yourself in the domain business? We welcome both the hobbyist and professional domainer to join the discussion as part of the NamePros community.

Click here to create your profile to start earning reputation for posting, and trader ratings for buying & selling in our free e-marketplace. Build your trader rating with each successful sale. Our system has tracked over 100,000 sales and counting!
FAQ & TOS Register Search Today's Posts Mark Forums Read

Go Back   NamePros.com > Website Development Discussion Forums > Programming > CODE
Reload this Page Md5 encrypted passwords

CODE This forum is for posting code snippets and example scripts that aren't quite tutorials, but could be useful for others. You may post code snippets and/or completed scripts that you've written and want to share here.

Advanced Search
7 members in live chat ~  


Closed Thread
 
LinkBack Thread Tools
Old 09-16-2006, 10:43 AM THREAD STARTER               #1 (permalink)
Account Suspended
 
klavixs's Avatar
Join Date: Aug 2006
Location: Under a Bridge
Posts: 200
klavixs will become famous soon enoughklavixs will become famous soon enough
 



Cool Md5 encrypted passwords


Warning to novices in php this is a pretty advanced script and should be used by a person who is very knowledge in php if you insist on useing it on a novice stage it's at your own risk.

This scrypt checks a user inputed password and then encrypts it and checks the db's version of the md5 enc to see it is correct
PHP Code:

//str is the inputed password the user gave
Function Encpass($str)

{

//this now encrypts the inputed password
md5($str);

//this checks the encrypted version of the inputed password
//to the databases stored version to see if it's correct
//change usrpass to whatever variable you use for the retrieved pass from db your checking
if (md5($str) == $usrpass)
 
 {
  
//in your script check, if Cvalue equals 2 and it's a correct pass
  
$Cvalue "2";
 
  }
 
  else
  {
  
//but if its a 1 it's incorrect password
  
$Cvalue "1";
  }

}
//you should next check Cvalue to make sure it equals 2
//if you use this and like it a link to my website is appreciated but not required
// my website is http://onfiretechnologies.com and it's an arcade of flash games 
// and has lots of cheat codes so use what ever relateing text you wish 
this next part is for user registration

PHP Code:
//this part is for user registration to encrypt password in md5
//stpass is the inputed password to encrypt
Function CMd5Pass($stpass)
{
//npass is the new encrypted version of the orignal inputed pass
$Npass md5($stpass)
????: NamePros.com http://www.namepros.com/code/238391-md5-encrypted-passwords.html
}

//now to enter it in db. save the Npass variable to the db for password
//if you use this and like it a link to my website is appreciated but not required
// my website is http://onfiretechnologies.com and it's an arcade of flash games 
????: NamePros.com http://www.namepros.com/showthread.php?t=238391
// and has lots of cheat codes so use what ever relateing text you wish 
klavixs is offline  
Old 09-16-2006, 11:58 AM   #2 (permalink)
NamePros Regular
 
Noobie's Avatar
Join Date: Feb 2006
Location: Montreal, Quebec, Canada
Posts: 324
Noobie is on a distinguished road
 



I'm confused but....
PHP Code:
md5($str); //that line does nothing 
????: NamePros.com http://www.namepros.com/showthread.php?t=238391
run the script below you'll see.
PHP Code:
<?php
$str 
"a";
md5($str);
echo 
$str;
?>
The function is a little redundant but its a good way to advertise your site.
__________________
Goldkey.com is a scam
What's your BMI? | Timestamp Generator
Noobie is offline  
Old 09-16-2006, 12:08 PM   #3 (permalink)
Dan
Buy my domains.
 
Dan's Avatar
Join Date: Feb 2006
Posts: 2,792
Dan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant future
 


Autism Autism Autism Autism Autism Autism Autism
PHP Code:
if (md5($str) == $usrpass
That wouldn't work. You'd have to make $usrpass a global variable or make it in your function's input.

.. and for $Cvalue, I think it's more or less the same thing. You need to make it a global variable for it to be used outside of the function.
????: NamePros.com http://www.namepros.com/showthread.php?t=238391

The next code you posted just md5()'s the text and doesn't do anything with it.
Dan is offline  
Old 09-16-2006, 12:21 PM THREAD STARTER               #4 (permalink)
Account Suspended
 
klavixs's Avatar
Join Date: Aug 2006
Location: Under a Bridge
Posts: 200
klavixs will become famous soon enoughklavixs will become famous soon enough
 




the following is from www.w3schools.com
Quote:
Definition and Usage

The md5() function calculates the MD5 hash of a string.

The md5() function uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

From RFC 1321 - The MD5 Message-Digest Algorithm: "The MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA."

This function returns the calculated MD5 hash on success, or FALSE on failure.
Syntax

md5(string,raw)


Parameter Description
string Required. The string to be calculated
raw Optional. Specifies hex or binary output format:

* TRUE - Raw 16 character binary format
* FALSE - Default. 32 character hex number

Note: This parameter was added in PHP 5.0
????: NamePros.com http://www.namepros.com/showthread.php?t=238391

Example 1

<?php
$str = "Hello";
echo md5($str);
?>

The output of the code above will be:

8b1a9953c4611296a827abf8c47804d7


Example 2

In this example we will print the result of md5() and then test it:

<?php
$str = "Hello";
echo md5($str);

if (md5($str) == '8b1a9953c4611296a827abf8c47804d7')
{
echo "<br />Hello world!";
exit;
}
?>

The output of the code above will be:

8b1a9953c4611296a827abf8c47804d7
Hello world!
you might be right about the globals but it was a quick throw together for a friend
klavixs is offline  
Old 09-16-2006, 02:59 PM   #5 (permalink)
Domains my Dominion
 
sdsinc's Avatar
Join Date: Aug 2005
Location: Web 1.0
Posts: 9,955
sdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatnesssdsinc Has achieved greatness
 


Third World Education Find Marrow Donors! Find Marrow Donors! Find Marrow Donors! Find Marrow Donors! Animal Rescue Animal Cruelty AIDS/HIV Animal Rescue Wildlife Breast Cancer Animal Rescue Wildlife
A bit offtopic but isn't it best to use sha1 instead of md5 ?
__________________
NameNewsletter.com - free lists of available domain names
ZoneFiles.net (beta) - ccTLD and gTLD droplists
sdsinc is online now  
Old 09-16-2006, 04:46 PM   #6 (permalink)
NamePros Regular
 
Noobie's Avatar
Join Date: Feb 2006
Location: Montreal, Quebec, Canada
Posts: 324
Noobie is on a distinguished road
 



i've switched to sha1
__________________
Goldkey.com is a scam
What's your BMI? | Timestamp Generator
Noobie is offline  
Old 09-16-2006, 04:47 PM   #7 (permalink)
Dan
Buy my domains.
 
Dan's Avatar
Join Date: Feb 2006
Posts: 2,792
Dan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant future
 


Autism Autism Autism Autism Autism Autism Autism
I know how to use md5()...

You are using it inside of another function to do the same exact thing with a longer name and yours won't work.

Read: http://us3.php.net/global
Dan is offline  
Old 09-16-2006, 05:37 PM   #8 (permalink)
Senior Member
 
Barrucadu's Avatar
Join Date: Aug 2005
Location: East Yorkshire, England
Posts: 2,689
Barrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to behold
 




Heres a fixed version!

PHP Code:
function Validate($str$passwd){
????: NamePros.com http://www.namepros.com/showthread.php?t=238391
     if(
md5($str) == $passwd){
          return 
true;
     }else{
          return 
false;
     }
}

function 
Hash($str){
     return 
md5($str);

Barrucadu is offline  
Old 10-20-2006, 04:34 PM   #9 (permalink)
NamePros Regular
 
Richard's Avatar
Join Date: Jan 2006
Posts: 571
Richard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to all
 


Save a Life Tsunami Relief AIDS/HIV Save a Life
i highly suggest you don't use this code for MD5 encryption, extremely easy to crack (approx 1 - 3 seconds). In fact, you can crack it online at http://www.md5database.net/ to make it more secure you use a salt.
Richard is offline  
Old 10-20-2006, 05:37 PM   #10 (permalink)
Senior Member
 
dhscott's Avatar
Join Date: Apr 2006
Posts: 1,345
dhscott is a name known to alldhscott is a name known to alldhscott is a name known to alldhscott is a name known to alldhscott is a name known to alldhscott is a name known to all
 



Look, Md5 is stupidly hard to hack so don't say it is. People have got lucky with matching words with md5 hashes, simple as.

Using one or the other is not going to be sensible, the same result could happen.

The best you could do is to put an md5 into an sha1 and into rot13 and into salt...

Or simply just md5 the md5 hash...
dhscott is offline  
Old 10-20-2006, 05:41 PM   #11 (permalink)
Dan
Buy my domains.
 
Dan's Avatar
Join Date: Feb 2006
Posts: 2,792
Dan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant future
 


Autism Autism Autism Autism Autism Autism Autism
Originally Posted by qwhois
Or simply just md5 the md5 hash...
Bingo.
Dan is offline  
Old 10-20-2006, 06:38 PM   #12 (permalink)
Resistance is Futile
 
Kadenz's Avatar
Join Date: Apr 2006
Location: Montreal, Canada
Posts: 1,094
Kadenz is a name known to allKadenz is a name known to allKadenz is a name known to allKadenz is a name known to allKadenz is a name known to allKadenz is a name known to all
 



Wildlife Lou Gehrig's Disease (ALS)
Well, you could encrypt something easily. Just keep on md5ing and salting and sha1ing until your computer crashes, so it's pretty hard to crack stuff.
__________________
Freelance Web Developer
PHP, MySQL, XHTML, CSS, Javascript, jQuery, Wordpress
Portfolio: www.bundy.ca
Kadenz is offline  
Old 10-20-2006, 07:23 PM   #13 (permalink)
NamePros Regular
 
Tree's Avatar
Join Date: Feb 2006
Location: Atlanta, GA, USA
Posts: 335
Tree will become famous soon enoughTree will become famous soon enough
 



I just use md5 -> salt (700-7000 chars) -> sha1 -> rot13 -> md5

Works for me.
Tree is offline  
Old 10-21-2006, 06:49 AM   #14 (permalink)
NamePros Member
Join Date: May 2006
Posts: 160
TwistMyArm is on a distinguished road
 



Just to add my two cents worth: MD5 is NOT an encryption process, it's a hashing process.

Please, especially when using a "pretty advanced script" (sic) such as this, can we at least use the correct terminology?
TwistMyArm is offline  
Old 10-21-2006, 02:13 PM   #15 (permalink)
NamePros Regular
 
Tree's Avatar
Join Date: Feb 2006
Location: Atlanta, GA, USA
Posts: 335
Tree will become famous soon enoughTree will become famous soon enough
 



Good point. Encryption processes can be decrypted using a standard algorithm. Hashes cannot.
Tree is offline  
Old 10-25-2006, 03:02 AM   #16 (permalink)
NamePros Regular
Join Date: Oct 2006
Posts: 970
neroux has a spectacular aura aboutneroux has a spectacular aura about
 



Originally Posted by Richy
i highly suggest you don't use this code for MD5 encryption, extremely easy to crack (approx 1 - 3 seconds). In fact, you can crack it online at http://www.md5database.net/ to make it more secure you use a salt.
MD5 has its weaknesses, but it cannot be cracked in 3 second by far.
__________________
Paris loves CityPics

-- Do not let others be treated this way!
Last edited by neroux; 10-25-2006 at 03:10 AM.
neroux is offline  
Old 10-25-2006, 08:52 PM   #17 (permalink)
NamePros Regular
 
Richard's Avatar
Join Date: Jan 2006
Posts: 571
Richard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to all
 


Save a Life Tsunami Relief AIDS/HIV Save a Life
lmao, i have a 15 digit hash, md5database.net decrypts it straight away :S.

but if i use md5 then md5 and salt over that, it cant... that is much stronger. (type of hash ipb uses etc)
Richard is offline  
Old 10-26-2006, 01:58 AM   #18 (permalink)
NamePros Regular
Join Date: Sep 2006
Posts: 634
JBebbington will become famous soon enoughJBebbington will become famous soon enough
 



You do not get that there are billions of combinations, and md5database is very incomplete, there is a small chance that it has a standard dictionary word, but a mixed case, mixed character, and completely random string it will not decode.
JBebbington is offline  
Old 10-26-2006, 02:23 AM   #19 (permalink)
Senior Member
 
RickM's Avatar
Join Date: Sep 2005
Location: Herts, UK
Posts: 3,806
RickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant future
 


Cancer Survivorship Save The Children Save The Children Cancer Animal Cruelty Child Abuse Cancer Survivorship 9/11/01 :: Never Forget Animal Cruelty Child Abuse Animal Rescue Animal Cruelty Protect Our Planet Protect Our Planet Protect Our Planet Animal Cruelty Save a Life
md5database does not crack the MD5 keys, it has a database of keys people have entered...it only retrieves the already cracked info. If i enter "1234" into it to be encoded, that then gets added to their database. For example, i entered "88a712d55763cc29bb2986bba2493408" ("fgsg4352gv") into the decoder and it found nothing, but if i enter "fgsg4352gv" into the encoder it will then be added to the database.

To crack a md5 line takes quite a while...i created a script to do it and it took the script all day to crack a 5 char string.

The best way to protect yourself is double md5, salt or SH1 (but even SH1 can be cracked).

I've put together an encryption tool below, feel free to use it on your localhost to test out passwords and stuff

PHP Code:
  <?php

if($_POST['submit']) {

$username=htmlspecialchars(addslashes($_POST['username']));
$password=htmlspecialchars($_POST['password']);

//Simple MD5
$password2=md5($password);

//Double MD5
$password3=md5(md5($password));

//Almost foolproof, MD5, SHA1, MD5, SHA1
$password4=md5(sha1(md5(sha1($password))));

//Alternativly use a "salt" string (random 3 characters for each user in the database that is added to the begining or end of the encryption. Example below:
$salt="&~/"//Normaly this comes from the DB but im just doing an example here.
$password5=md5($password.$salt);
????: NamePros.com http://www.namepros.com/showthread.php?t=238391
????: NamePros.com http://www.namepros.com/showthread.php?t=238391

//Now i'll echo it all out into a nice little document :)
echo"<strong>RMWebs.net MD5 Tool</strong><br />You Entered The Following Information:<br /><strong>Username:</strong> ".$username."<br /><strong>Password:</strong> ".$password."<br /><br />
Here is the result of different methods of encryption:<br /><br />

<strong>Simple MD5:</strong> "
.$password2."<br />
<strong>Double MD5:</strong> "
.$password3."<br />
<strong>MD5-SHA1-MD5-SHA1:</strong> "
.$password4."<br />
<strong>MD5+Salt:</strong> "
.$password5."<br />
<br />
<strong>Recommended Use:</strong> MD5+Salt<br />
<strong>Most easy to crack:</strong> Simple MD5 followed by Double MD5<br /><br />

<font size=\"1\"><a href=\"http://www.rmwebs.net\">More usefull code and tools at RMWebs.net</a></font>"
;


}else {
?>
<form action="" method="POST">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Go!" />
</form>
<?php ?>
__________________
Disney World Fans - Mobile Apps for your WDW Vacation!
WSDReg - Affordable Domain Registration. Serving NP members since 2006!

Hotel Site Script - 15% Discount for NP members with code 'NPROS'
RickM is offline  
Old 10-26-2006, 03:17 AM   #20 (permalink)
Senior Member
 
Barrucadu's Avatar
Join Date: Aug 2005
Location: East Yorkshire, England
Posts: 2,689
Barrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to behold
 




I dont particularly like MD5, mainly because of md5 databases. I do however, have to use it because phpbb2 uses MD5 and I cant be bothered to rehash all the passwords, lol.

This is my preferred method when hashing passwords:
PHP Code:
$hash base64_encode(rot13(md5(sha1($password).$salt)).sha1($password.md5($password)).$password); 
????: NamePros.com http://www.namepros.com/showthread.php?t=238391
Barrucadu is offline  
Old 10-26-2006, 04:03 AM   #21 (permalink)
Senior Member
 
RickM's Avatar
Join Date: Sep 2005
Location: Herts, UK
Posts: 3,806
RickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant future
 


Cancer Survivorship Save The Children Save The Children Cancer Animal Cruelty Child Abuse Cancer Survivorship 9/11/01 :: Never Forget Animal Cruelty Child Abuse Animal Rescue Animal Cruelty Protect Our Planet Protect Our Planet Protect Our Planet Animal Cruelty Save a Life
Good method there...very secure

Heres another one...pretty much uncrackable (well...unless you can figure out a way to decode over 11 characters at a time)

PHP Code:
$hash=md5(sh1(str_rot13(md5(md5(md5($password.md5(sh1($password.$salt)))))))); 
????: NamePros.com http://www.namepros.com/showthread.php?t=238391
If you can crack that then you are very desperate
__________________
Disney World Fans - Mobile Apps for your WDW Vacation!
WSDReg - Affordable Domain Registration. Serving NP members since 2006!

Hotel Site Script - 15% Discount for NP members with code 'NPROS'
RickM is offline  
Old 10-26-2006, 05:32 AM   #22 (permalink)
NamePros Regular
Join Date: Oct 2006
Posts: 970
neroux has a spectacular aura aboutneroux has a spectacular aura about
 



Originally Posted by Richy
lmao, i have a 15 digit hash, md5database.net decrypts it straight away :S.

but if i use md5 then md5 and salt over that, it cant... that is much stronger. (type of hash ipb uses etc)
MD5 cannot be decrypted. The site you mentioned just has a list of some MD5 values with the respective data, on which it performs a lookup, this can be achieved with each hash method.
__________________
Paris loves CityPics

-- Do not let others be treated this way!
neroux is offline  
Old 10-26-2006, 10:24 AM   #23 (permalink)
Senior Member
 
RickM's Avatar
Join Date: Sep 2005
Location: Herts, UK
Posts: 3,806
RickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant future
 


Cancer Survivorship Save The Children Save The Children Cancer Animal Cruelty Child Abuse Cancer Survivorship 9/11/01 :: Never Forget Animal Cruelty Child Abuse Animal Rescue Animal Cruelty Protect Our Planet Protect Our Planet Protect Our Planet Animal Cruelty Save a Life
Originally Posted by neroux
MD5 cannot be decrypted. The site you mentioned just has a list of some MD5 values with the respective data, on which it performs a lookup, this can be achieved with each hash method.
Actualy MD5 CAN be decrypted...and pretty easily at that.
__________________
Disney World Fans - Mobile Apps for your WDW Vacation!
WSDReg - Affordable Domain Registration. Serving NP members since 2006!

Hotel Site Script - 15% Discount for NP members with code 'NPROS'
RickM is offline  
Old 10-26-2006, 10:29 AM   #24 (permalink)
NamePros Member
Join Date: May 2006
Posts: 160
TwistMyArm is on a distinguished road
 



MD5 CANNOT be decrypted, as it's not encryption in the first place!

Yes, finding a string of some sort that hashes to the same value as the string we want is relatively simple, but that is not decryption.
TwistMyArm is offline  
Old 10-26-2006, 11:22 AM   #25 (permalink)
Senior Member
 
RickM's Avatar
Join Date: Sep 2005
Location: Herts, UK
Posts: 3,806
RickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant futureRickM has a brilliant future
 


Cancer Survivorship Save The Children Save The Children Cancer Animal Cruelty Child Abuse Cancer Survivorship 9/11/01 :: Never Forget Animal Cruelty Child Abuse Animal Rescue Animal Cruelty Protect Our Planet Protect Our Planet Protect Our Planet Animal Cruelty Save a Life
Call it what you like...the fact is you can turn an MD5 string back to its origional state. End of story.
__________________
Disney World Fans - Mobile Apps for your WDW Vacation!
WSDReg - Affordable Domain Registration. Serving NP members since 2006!

Hotel Site Script - 15% Discount for NP members with code 'NPROS'
RickM is offline  
Closed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


 
All times are GMT -7. The time now is 02:58 PM.

Domain name forum recommended by Domaining.com Powered by: vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0 Ad Management plugin by RedTyger