Security - Simple md5 output [PHP]

Ryder · 12-26-2006, 12:08 PM

Recently users have been protecting their password by encrypting it in md5 format. Are you not up to date? Well with this script, you can be! (Although, this is not the safest form of protecting yourself... it is a simple script which will help you a lot. I hold no responsibility for any hack attempts against this script!)

PHP Code:

 
<form method="POST" action=''>

<h1>md5 Encrypter</h1>

<b>Password to be Encrypted:</b><br>

<input type='text' name='secure' value=''>

<input type='submit' name='submit' value='Convert!'>

</form>

 
<?PHP

 $secure = htmlspecialchars(stripslashes($_POST['secure']));

if($_POST['submit'])

????: NamePros.com http://www.namepros.com/code/273457-security-simple-md5-output-php.html
{

 if($secure == NULL)

 {

 echo ("<b>Error:</b> Type in the password to encrypt!");

 }

 if($secure != NULL)

 {

 $sec = md5($secure);

 echo ("<b>Text to encrypt:</b><br>$secure<br><br><b>Encrypted text:</b><br>$sec");

 }

}

?>

More tutorials coming soon at:
http://www.netsuhi.com

Matthew. · 12-26-2006, 12:17 PM

md5 should not be relied on. It is a myth that is can be decrypted because technically it is not an encryption however more and more larger and larger hash dictionaries are becoming easier to find.

You should SALT your passwords as well.

Ryder · 12-26-2006, 12:19 PM

Yes very true. I would advice anyone to research about encryption/decryption and security before using ANY password protection scripts. I assure you none of them is 100% safe and reliable on the net.

jerometan · 12-28-2006, 09:53 AM

MD5 tables are one of the most common.

The reason - used by almost every commercial php script.
If a hacker manages to get into the database, all he gets is MD5 hashes.

However, due to its popularity, very large tables (like rainbow tables) are available.

Dan · 12-28-2006, 09:59 AM

We all understand the crap about how it can be "decrypted" (I know that it isn't really decryption) and all the other stuff: http://www.namepros.com/code/238391-...passwords.html

Also, the script in the first post doesn't actually do anything.. It just echo's the md5 of a string if it is "secure."

Quote:

I hold no responsibility for any hack attempts against this script!

How can someone hack that.. There's nothing to hack.

jerometan · 12-28-2006, 10:01 AM

You can however, compare it to a hash table, and obtain a string.

However, it may NOT be the same. i.e. there WILL be collisions.

Dan · 12-28-2006, 10:09 AM

That's all stated in the thread I linked to.

Camron · 12-28-2006, 10:16 AM

Hmm, I just found this http://www.md5encryption.com/

Seems to work

jerometan · 12-28-2006, 10:20 AM

What it does is enter what you try to encrypt into the MD5 hash database.

When you enter the same hash into the decrypt field, it returns the original word again.

A pretty cheap trick. Try entering (1241b4d509c88dd2ed8c646ad812a1f6).

It'll be unable to decrypt.

tanfwc · 12-28-2006, 11:32 AM

If everyone on the net enter a value to the website, it will have billion of record to search for

Matthew. · 12-28-2006, 11:34 AM

Originally Posted by Camron

Hmm, I just found this http://www.md5encryption.com/
????: NamePros.com http://www.namepros.com/showthread.php?t=273457

Seems to work

It doesn't decrypt, it just uses a dictionary of hashes. The trick that fools most peoples with these websites is that you use them to encrypt a really long and complicated string that you think it wont be able to encrypt, but then go to decrypt it and find it can! Why? Because when you encrypt it, it adds the hash to the dictionary lol.

jerometan · 12-28-2006, 06:25 PM

Originally Posted by tanfwc

If everyone on the net enter a value to the website, it will have billion of record to search for

Rainbow tables do it for your automatically...

beaver6813 · 12-29-2006, 02:36 AM

Well done on using the md5 function ^^ I'm presuming this is one of your first ultra mini scripts. Use a SALT on it to improve security, so

PHP Code:

  md5($submittedpassword."RUBBER*()CHICKENS"); 

????: NamePros.com http://www.namepros.com/showthread.php?t=273457

It will help to defeat rainbow tables and dictionarys full of hashes, users shouldn't use dictionary passwords anyways so perhaps getting the system to try and hack the password first with a small dictionary would get rid of the most easily to crack passwords.

12-26-2006, 12:08 PM	THREAD STARTER #1 (permalink)
Ryder NamePros Regular Join Date: Mar 2006 Posts: 227	Security - Simple md5 output [PHP] Recently users have been protecting their password by encrypting it in md5 format. Are you not up to date? Well with this script, you can be! (Although, this is not the safest form of protecting yourself... it is a simple script which will help you a lot. I hold no responsibility for any hack attempts against this script!) PHP Code: <form method="POST" action=''> <h1>md5 Encrypter</h1> <b>Password to be Encrypted:</b><br> <input type='text' name='secure' value=''> <input type='submit' name='submit' value='Convert!'> </form> <?PHP $secure = htmlspecialchars(stripslashes($_POST['secure'])); if($_POST['submit']) ????: NamePros.com http://www.namepros.com/code/273457-security-simple-md5-output-php.html { if($secure == NULL) { echo ("<b>Error:</b> Type in the password to encrypt!"); } if($secure != NULL) { $sec = md5($secure); echo ("<b>Text to encrypt:</b><br>$secure<br><br><b>Encrypted text:</b><br>$sec"); } } ?> More tutorials coming soon at: http://www.netsuhi.com __________________ \| HexRde.com \| NetSuhi.com \|

12-26-2006, 12:17 PM	#2 (permalink)
Matthew. Senior Member Join Date: Dec 2006 Location: England Posts: 1,565	md5 should not be relied on. It is a myth that is can be decrypted because technically it is not an encryption however more and more larger and larger hash dictionaries are becoming easier to find. You should SALT your passwords as well. __________________ University Grade Calculator juegosjuegos Your Hotel in Austria Matratzen

12-26-2006, 12:19 PM	THREAD STARTER #3 (permalink)
Ryder NamePros Regular Join Date: Mar 2006 Posts: 227	Yes very true. I would advice anyone to research about encryption/decryption and security before using ANY password protection scripts. I assure you none of them is 100% safe and reliable on the net. __________________ \| HexRde.com \| NetSuhi.com \|

12-28-2006, 09:53 AM	#4 (permalink)
jerometan NamePros Regular Join Date: Feb 2006 Posts: 584	MD5 tables are one of the most common. The reason - used by almost every commercial php script. If a hacker manages to get into the database, all he gets is MD5 hashes. However, due to its popularity, very large tables (like rainbow tables) are available. __________________ Budget NP$ Hosting - Affordable CPanel Hosting! [ Click Here For Sales/Support ] 50NP Proxy Hosting \| URLToUs \| Fast Reliable Budget Host! [ Click Here For Sales/Support ]

12-28-2006, 10:01 AM	#6 (permalink)
jerometan NamePros Regular Join Date: Feb 2006 Posts: 584	You can however, compare it to a hash table, and obtain a string. However, it may NOT be the same. i.e. there WILL be collisions. __________________ Budget NP$ Hosting - Affordable CPanel Hosting! [ Click Here For Sales/Support ] 50NP Proxy Hosting \| URLToUs \| Fast Reliable Budget Host! [ Click Here For Sales/Support ]

12-28-2006, 10:09 AM	#7 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,792	That's all stated in the thread I linked to.

12-28-2006, 10:16 AM	#8 (permalink)
Camron Senior Member Join Date: Jan 2006 Location: Portland, Oregon Posts: 2,100 Follow @hostingfuze	Hmm, I just found this http://www.md5encryption.com/ Seems to work __________________ HostingFuze.com Premium Master Reseller Services \| 99.9% Uptime Guaranteed SLA \| Starting at $4.95/mo Basic Reseller Hosting @ HostFz.com - Services starting as low as $1.95/mo!

12-28-2006, 10:20 AM	#9 (permalink)
jerometan NamePros Regular Join Date: Feb 2006 Posts: 584	What it does is enter what you try to encrypt into the MD5 hash database. When you enter the same hash into the decrypt field, it returns the original word again. A pretty cheap trick. Try entering (1241b4d509c88dd2ed8c646ad812a1f6). It'll be unable to decrypt. __________________ Budget NP$ Hosting - Affordable CPanel Hosting! [ Click Here For Sales/Support ] 50NP Proxy Hosting \| URLToUs \| Fast Reliable Budget Host! [ Click Here For Sales/Support ]

12-28-2006, 11:32 AM	#10 (permalink)
tanfwc NamePros Member Join Date: Jun 2006 Posts: 195	If everyone on the net enter a value to the website, it will have billion of record to search for __________________ tanfwc [ My HomePage ] My Project : Free Image Hosting # Shorten your URL! # Submit your proxy Cheap VPS on GNAX Network -- starting US$12.99/mo!

12-29-2006, 02:36 AM	#13 (permalink)
beaver6813 NamePros Regular Join Date: May 2005 Location: England Posts: 390 Follow @beaver6813	Well done on using the md5 function ^^ I'm presuming this is one of your first ultra mini scripts. Use a SALT on it to improve security, so PHP Code: `md5($submittedpassword."RUBBER*()CHICKENS"); ????: NamePros.com http://www.namepros.com/showthread.php?t=273457` It will help to defeat rainbow tables and dictionarys full of hashes, users shouldn't use dictionary passwords anyways so perhaps getting the system to try and hack the password first with a small dictionary would get rid of the most easily to crack passwords. __________________ -Beaver6813.com - Web Developer Extraordinaire!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)