[advanced search]
Results from the most recent live auction are here.
28 members in the live chat room. Join Chat!
Register Rules & FAQ NP$ Store Active Threads Mark Forums Read
Go Back   NamePros.Com > Design and Development > Programming > CODE
User Name
Password

Closed Thread
 
Thread Tools
Old 09-16-2006, 10:43 AM   · #1
klavixs
Account Closed
 
klavixs's Avatar
 
Name: John Jacob jinglehimersmith
Location: Under a Bridge
Trader Rating: (6)
Join Date: Aug 2006
Posts: 200
NP$: 206.00 (Donate)
klavixs will become famous soon enoughklavixs will become famous soon enough
Cool Md5 encrypted passwords

Warning to novices in php this is a pretty advanced script and should be used by a person who is very knowledge in php if you insist on useing it on a novice stage it's at your own risk.

This scrypt checks a user inputed password and then encrypts it and checks the db's version of the md5 enc to see it is correct
PHP Code:
//str is the inputed password the user gave
Function Encpass($str)

{

//this now encrypts the inputed password
md5($str);

//this checks the encrypted version of the inputed password
//to the databases stored version to see if it's correct
//change usrpass to whatever variable you use for the retrieved pass from db your checking
if (md5($str) == $usrpass)

{
  
//in your script check, if Cvalue equals 2 and it's a correct pass
  
$Cvalue = "2";

  }

  else
  {
  
//but if its a 1 it's incorrect password
  
$Cvalue = "1";
  }

}
//you should next check Cvalue to make sure it equals 2
//if you use this and like it a link to my website is appreciated but not required
// my website is http://onfiretechnologies.com and it's an arcade of flash games
// and has lots of cheat codes so use what ever relateing text you wish


this next part is for user registration

PHP Code:
//this part is for user registration to encrypt password in md5
//stpass is the inputed password to encrypt
Function CMd5Pass($stpass)
{
//npass is the new encrypted version of the orignal inputed pass
$Npass = md5($stpass)
}

//now to enter it in db. save the Npass variable to the db for password
//if you use this and like it a link to my website is appreciated but not required
// my website is http://onfiretechnologies.com and it's an arcade of flash games
// and has lots of cheat codes so use what ever relateing text you wish


Please register or log-in into NamePros to hide ads
klavixs is offline   Reply With Quote
Old 09-16-2006, 11:58 AM   · #2
Noobie
DNOA Member
 
Noobie's Avatar
 
Name: Shoei
Location: Montreal, Quebec, Canada
Trader Rating: (0)
Join Date: Feb 2006
Posts: 324
NP$: 65.00 (Donate)
Noobie is on a distinguished road
I'm confused but....
PHP Code:
md5($str); //that line does nothing

run the script below you'll see.
PHP Code:
<?php
$str
= "a";
md5($str);
echo
$str;
?>


The function is a little redundant but its a good way to advertise your site.
__________________
Goldkey.com is a scam
What's your BMI? | Timestamp Generator
Noobie is offline   Reply With Quote
Old 09-16-2006, 12:08 PM   · #3
Dan
Buy my domains.
 
Dan's Avatar
 
Name: Dan
Trader Rating: (63)
Join Date: Feb 2006
Posts: 2,800
NP$: 54.00 (Donate)
Dan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant future
Autism Autism Autism Autism Autism Autism Autism
PHP Code:
if (md5($str) == $usrpass)
That wouldn't work. You'd have to make $usrpass a global variable or make it in your function's input.

.. and for $Cvalue, I think it's more or less the same thing. You need to make it a global variable for it to be used outside of the function.

The next code you posted just md5()'s the text and doesn't do anything with it.
Dan is offline   Reply With Quote
Old 09-16-2006, 12:21 PM   · #4
klavixs
Account Closed
 
klavixs's Avatar
 
Name: John Jacob jinglehimersmith
Location: Under a Bridge
Trader Rating: (6)
Join Date: Aug 2006
Posts: 200
NP$: 206.00 (Donate)
klavixs will become famous soon enoughklavixs will become famous soon enough
Smile

the following is from www.w3schools.com
Quote:
Definition and Usage

The md5() function calculates the MD5 hash of a string.

The md5() function uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

From RFC 1321 - The MD5 Message-Digest Algorithm: "The MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA."

This function returns the calculated MD5 hash on success, or FALSE on failure.
Syntax

md5(string,raw)


Parameter Description
string Required. The string to be calculated
raw Optional. Specifies hex or binary output format:

* TRUE - Raw 16 character binary format
* FALSE - Default. 32 character hex number

Note: This parameter was added in PHP 5.0

Example 1

<?php
$str = "Hello";
echo md5($str);
?>

The output of the code above will be:

8b1a9953c4611296a827abf8c47804d7


Example 2

In this example we will print the result of md5() and then test it:

<?php
$str = "Hello";
echo md5($str);

if (md5($str) == '8b1a9953c4611296a827abf8c47804d7')
{
echo "<br />Hello world!";
exit;
}
?>

The output of the code above will be:

8b1a9953c4611296a827abf8c47804d7
Hello world!


you might be right about the globals but it was a quick throw together for a friend
klavixs is offline   Reply With Quote
Old 09-16-2006, 02:59 PM   · #5
Kath
Law and disorder
 
Kath's Avatar
 
Name: Kate
Location: Expat
Trader Rating: (54)
Join Date: Aug 2005
Posts: 4,873
NP$: 930.11 (Donate)
Kath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond reputeKath has a reputation beyond repute
Third World Education Find Marrow Donors! Find Marrow Donors! Find Marrow Donors! Find Marrow Donors! Animal Rescue Animal Cruelty AIDS/HIV
A bit offtopic but isn't it best to use sha1 instead of md5 ?
__________________

ShopNames.com - Quality domain names at discount rates

PM me for a SedoPro endorsement code
Kath is online now   Reply With Quote
Old 09-16-2006, 04:46 PM   · #6
Noobie
DNOA Member
 
Noobie's Avatar
 
Name: Shoei
Location: Montreal, Quebec, Canada
Trader Rating: (0)
Join Date: Feb 2006
Posts: 324
NP$: 65.00 (Donate)
Noobie is on a distinguished road
i've switched to sha1
__________________
Goldkey.com is a scam
What's your BMI? | Timestamp Generator
Noobie is offline   Reply With Quote
Old 09-16-2006, 04:47 PM   · #7
Dan
Buy my domains.
 
Dan's Avatar
 
Name: Dan
Trader Rating: (63)
Join Date: Feb 2006
Posts: 2,800
NP$: 54.00 (Donate)
Dan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant future
Autism Autism Autism Autism Autism Autism Autism
I know how to use md5()...

You are using it inside of another function to do the same exact thing with a longer name and yours won't work.

Read: http://us3.php.net/global
Dan is offline   Reply With Quote
Old 09-16-2006, 05:37 PM   · #8
Barrucadu
Formally Mikor.
 
Barrucadu's Avatar
 
Name: Michael Walker
Location: East Yorkshire, England
Trader Rating: (7)
Join Date: Aug 2005
Posts: 2,438
NP$: 95.25 (Donate)
Barrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to behold
Heres a fixed version!

PHP Code:
function Validate($str, $passwd){
     if(
md5($str) == $passwd){
          return
true;
     }else{
          return
false;
     }
}

function
Hash($str){
     return
md5($str);
}
__________________
Me | Blog | Last.fm | F@h

archlinux User
Barrucadu is offline   Reply With Quote
Old 10-20-2006, 04:34 PM   · #9
Richard
Website Review Team
 
Richard's Avatar
 
Name: Richard
Trader Rating: (31)
Join Date: Jan 2006
Posts: 524
NP$: 10.20 (Donate)
Richard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to all
Save a Life Tsunami Relief AIDS/HIV Save a Life
i highly suggest you don't use this code for MD5 encryption, extremely easy to crack (approx 1 - 3 seconds). In fact, you can crack it online at http://www.md5database.net/ :P to make it more secure you use a salt.
Richard is offline   Reply With Quote
Old 10-20-2006, 05:37 PM   · #10
dhscott
Senior Member
 
dhscott's Avatar
 
Name: Daz
Location: London, UK
Trader Rating: (23)
Join Date: Apr 2006
Posts: 1,346
NP$: 280.40 (Donate)
dhscott is a name known to alldhscott is a name known to alldhscott is a name known to alldhscott is a name known to alldhscott is a name known to alldhscott is a name known to all
Look, Md5 is stupidly hard to hack so don't say it is. People have got lucky with matching words with md5 hashes, simple as.

Using one or the other is not going to be sensible, the same result could happen.

The best you could do is to put an md5 into an sha1 and into rot13 and into salt...

Or simply just md5 the md5 hash...
dhscott is offline   Reply With Quote
Old 10-20-2006, 05:41 PM   · #11
Dan
Buy my domains.
 
Dan's Avatar
 
Name: Dan
Trader Rating: (63)
Join Date: Feb 2006
Posts: 2,800
NP$: 54.00 (Donate)
Dan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant futureDan has a brilliant future
Autism Autism Autism Autism Autism Autism Autism
Originally Posted by qwhois
Or simply just md5 the md5 hash...

Bingo.
Dan is offline   Reply With Quote
Old 10-20-2006, 06:38 PM   · #12
Borghunter
Resistance is Futile
 
Borghunter's Avatar
 
Name: Mitchell
Location: Calgary, Canada
Trader Rating: (24)
Join Date: Apr 2006
Posts: 1,063
NP$: 156.05 (Donate)
Borghunter is a name known to allBorghunter is a name known to allBorghunter is a name known to allBorghunter is a name known to allBorghunter is a name known to allBorghunter is a name known to all
Wildlife
Well, you could encrypt something easily. Just keep on md5ing and salting and sha1ing until your computer crashes, so it's pretty hard to crack stuff.
__________________
Politics On Fire - Political Debate and Discussions Forum
Borghunter is online now  
  Reply With Quote
Old 10-20-2006, 07:23 PM   · #13
Tree
NamePros Regular
 
Tree's Avatar
 
Name: Trevor
Location: Atlanta, GA, USA
Trader Rating: (3)
Join Date: Feb 2006
Posts: 331
NP$: 0.00 (Donate)
Tree will become famous soon enoughTree will become famous soon enough
I just use md5 -> salt (700-7000 chars) -> sha1 -> rot13 -> md5

Works for me.
__________________
NCIDev.com
Tree is offline   Reply With Quote
Old 10-21-2006, 06:49 AM   · #14
TwistMyArm
NamePros Member
 
Trader Rating: (0)
Join Date: May 2006
Posts: 157
NP$: 81.00 (Donate)
TwistMyArm is on a distinguished road
Just to add my two cents worth: MD5 is NOT an encryption process, it's a hashing process.

Please, especially when using a "pretty advanced script" (sic) such as this, can we at least use the correct terminology?
TwistMyArm is online now   Reply With Quote
Old 10-21-2006, 02:13 PM   · #15
Tree
NamePros Regular
 
Tree's Avatar
 
Name: Trevor
Location: Atlanta, GA, USA
Trader Rating: (3)
Join Date: Feb 2006
Posts: 331
NP$: 0.00 (Donate)
Tree will become famous soon enoughTree will become famous soon enough
Good point. Encryption processes can be decrypted using a standard algorithm. Hashes cannot.
__________________
NCIDev.com
Tree is offline   Reply With Quote
Old 10-25-2006, 03:02 AM   · #16
neroux
NamePros Regular
 
Trader Rating: (5)
Join Date: Oct 2006
Posts: 860
NP$: 26.00 (Donate)
neroux has a spectacular aura aboutneroux has a spectacular aura about
Originally Posted by Richy
i highly suggest you don't use this code for MD5 encryption, extremely easy to crack (approx 1 - 3 seconds). In fact, you can crack it online at http://www.md5database.net/ :P to make it more secure you use a salt.


MD5 has its weaknesses, but it cannot be cracked in 3 second by far.
__________________
Paris loves CityPics

Slice up your URLs

-- Do not let others be treated this way!

Last edited by neroux : 10-25-2006 at 03:10 AM.
neroux is offline   Reply With Quote
Old 10-25-2006, 08:52 PM   · #17
Richard
Website Review Team
 
Richard's Avatar
 
Name: Richard
Trader Rating: (31)
Join Date: Jan 2006
Posts: 524
NP$: 10.20 (Donate)
Richard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to allRichard is a name known to all
Save a Life Tsunami Relief AIDS/HIV Save a Life
lmao, i have a 15 digit hash, md5database.net decrypts it straight away :S.

but if i use md5 then md5 and salt over that, it cant... that is much stronger. (type of hash ipb uses etc)
Richard is offline   Reply With Quote
Old 10-26-2006, 01:58 AM   · #18
JBebbington
NamePros Regular
 
Trader Rating: (9)
Join Date: Sep 2006
Posts: 626
NP$: 0.00 (Donate)
JBebbington will become famous soon enoughJBebbington will become famous soon enough
You do not get that there are billions of combinations, and md5database is very incomplete, there is a small chance that it has a standard dictionary word, but a mixed case, mixed character, and completely random string it will not decode.
JBebbington is offline   Reply With Quote
Old 10-26-2006, 02:23 AM   · #19
RickM
www.RickyMills.com
 
RickM's Avatar
 
Name: Rick Mills
Location: Herts, UK
Trader Rating: (92)
Join Date: Sep 2005
Posts: 3,547
NP$: 814.52 (Donate)
RickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud of
Cancer Survivorship Save The Children Save The Children Cancer Animal Cruelty Child Abuse Cancer Survivorship 9/11/01 :: Never Forget Animal Cruelty Child Abuse Animal Rescue Animal Cruelty Protect Our Planet Protect Our Planet Protect Our Planet
md5database does not crack the MD5 keys, it has a database of keys people have entered...it only retrieves the already cracked info. If i enter "1234" into it to be encoded, that then gets added to their database. For example, i entered "88a712d55763cc29bb2986bba2493408" ("fgsg4352gv") into the decoder and it found nothing, but if i enter "fgsg4352gv" into the encoder it will then be added to the database.

To crack a md5 line takes quite a while...i created a script to do it and it took the script all day to crack a 5 char string.

The best way to protect yourself is double md5, salt or SH1 (but even SH1 can be cracked).

I've put together an encryption tool below, feel free to use it on your localhost to test out passwords and stuff

PHP Code:
<?php

if($_POST['submit']) {

$username=htmlspecialchars(addslashes($_POST['username']));
$password=htmlspecialchars($_POST['password']);

//Simple MD5
$password2=md5($password);

//Double MD5
$password3=md5(md5($password));

//Almost foolproof, MD5, SHA1, MD5, SHA1
$password4=md5(sha1(md5(sha1($password))));

//Alternativly use a "salt" string (random 3 characters for each user in the database that is added to the begining or end of the encryption. Example below:
$salt="&~/"; //Normaly this comes from the DB but im just doing an example here.
$password5=md5($password.$salt);

//Now i'll echo it all out into a nice little document :)
echo"<strong>RMWebs.net MD5 Tool</strong><br />You Entered The Following Information:<br /><strong>Username:</strong> ".$username."<br /><strong>Password:</strong> ".$password."<br /><br />
Here is the result of different methods of encryption:<br /><br />

<strong>Simple MD5:</strong> "
.$password2."<br />
<strong>Double MD5:</strong> "
.$password3."<br />
<strong>MD5-SHA1-MD5-SHA1:</strong> "
.$password4."<br />
<strong>MD5+Salt:</strong> "
.$password5."<br />
<br />
<strong>Recommended Use:</strong> MD5+Salt<br />
<strong>Most easy to crack:</strong> Simple MD5 followed by Double MD5<br /><br />

<font size=\"1\"><a href=\"http://www.rmwebs.net\">More usefull code and tools at RMWebs.net</a></font>"
;


}else {
?>
<form action="" method="POST">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" value="Go!" />
</form>
<?php } ?>
__________________
WSDReg - $7.99 .MOBI | $2.89 .INFO | .ME PRE-REGISTRATIONS!


15% OFF EVERYTHING @ NOCSTER.NET! GET YOURSELF A SERVER FOR UNDER $60!
(PM me to place an order!)
RickM is offline   Reply With Quote
Old 10-26-2006, 03:17 AM   · #20
Barrucadu
Formally Mikor.
 
Barrucadu's Avatar
 
Name: Michael Walker
Location: East Yorkshire, England
Trader Rating: (7)
Join Date: Aug 2005
Posts: 2,438
NP$: 95.25 (Donate)
Barrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to beholdBarrucadu is a splendid one to behold
I dont particularly like MD5, mainly because of md5 databases. I do however, have to use it because phpbb2 uses MD5 and I cant be bothered to rehash all the passwords, lol.

This is my preferred method when hashing passwords:
PHP Code:
$hash = base64_encode(rot13(md5(sha1($password).$salt)).sh  a1($password.md5($password)).$password);
__________________
Me | Blog | Last.fm | F@h

archlinux User
Barrucadu is offline   Reply With Quote
Old 10-26-2006, 04:03 AM   · #21
RickM
www.RickyMills.com
 
RickM's Avatar
 
Name: Rick Mills
Location: Herts, UK
Trader Rating: (92)
Join Date: Sep 2005
Posts: 3,547
NP$: 814.52 (Donate)
RickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud ofRickM has much to be proud of
Cancer Survivorship Save The Children Save The Children Cancer Animal Cruelty Child Abuse Cancer Survivorship 9/11/01 :: Never Forget Animal Cruelty Child Abuse Animal Rescue Animal Cruelty Protect Our Planet Protect Our Planet Protect Our Planet
Good method there...very secure

Heres another one...pretty much uncrackable (well...unless you can figure out a way to decode over 11 characters at a time)

PHP Code:
$hash=md5(sh1(str_rot13(md5(md5(md5($password.md5(  sh1($password.$salt))))))));


If you can crack that then you are very desperate :P
__________________
WSDReg - $7.99 .MOBI | $2.89 .INFO | .ME PRE-REGISTRATIONS!


15% OFF EVERYTHING @ NOCSTER.NET! GET YOURSELF A SERVER FOR UNDER $60!
(PM me to place an order!)
RickM is offline   Reply With Quote
Old 10-26-2006, 05:32 AM   · #22
neroux
NamePros Regular
 
Trader Rating: (5)
Join Date: Oct 2006
Posts: 860
NP$: 26.00 (Donate)
neroux has a spectacular aura aboutneroux has a spectacular aura about
Originally Posted by Richy
lmao, i have a 15 digit hash, md5database.net decrypts it straight away :S.

but if i use md5 then md5 and salt over that, it cant... that is much stronger. (type of hash ipb uses etc)


MD5 cannot be decrypted. The site you mentioned just has a list of some MD5 values with the respective data, on which it performs a lookup, this can be achieved with each hash method.
__________________
Paris loves CityPics

Slice up your URLs

-- Do not let others be treated this way!
neroux is offline   Reply With Quote
Old 10-26-2006, 10:24 AM   · #23