MD5, a hash encrytion of texts. although it is supposed to be uncovertable it can be converted back recently. it is a very easy function to use but uesed a lot in sending encrypted data and storing it, like this forum it uses it to store passwords. this is how it works:
The only things I can think of that would require MD5() are for logins. For that you need a database, MySQL goes well with PHP.
An example I found on the net can be found here. I haven't tried it out yet, but I intend to later on just to see how it works. It requires MySQL.
Judging by reading the summary, it MD5's on the clientside and macthes it up on the serverside instead of sending a plain-text password as it were... I'm confused now!
Bah, i'll find an easier example that's easy to get!
This statement is 100% false. You cannot convert back MD5, it is true that collisions have been found but all that means is that two different strings produce the same hash. They are still nearly impossible to find.
Any encryption is prone to dictionary attacks if you don't include a salt. An MD5 encryption with a salt will be more than enough for many sites out there although if you are serious about security I would recommend hashing with SHA256 or even SHA512 and including a pre-set SALT that only you know and a random SALT which will be stored in the database with the password. That way even if a user gets the hashed password and the SALT they still cannot use a dictionary attack as they do not have the secret salt that only you know.
You are correct that passwords are normally stored in a MySql database, but what if somebody (even a site admin) gains access to the database? The passwords are there in plain-text. If they are hashed (not encrypted, two totally different things) then it's impossible to find the users' password.
Unfortunately the password's will still be sent in plaintext from the client to the server, this is where SSL certificates are needed.
I have also heard, might not be completely true but if you hash an already hashed string it increases the chance of collisions. Don't ask me how though
Actualy, MD5 can be decrypted...it has only recently been found out though.
I wont post code up here that will prove this as i wouldnt want to create security problems for anyone, however i can assure you - MD5 is very decryptable...i have been able to decrypt upto 10 chars so far, and im sure others have got furthur.
I would appreciate it if people stopped PMing me asking for the code...regardless of your reasoning, i would prefer not to release it.
MD5 can't be decrypted... MD5 produces a cryptographic hash. A hash cannot be decrypted or "converted back". MD5 is still very safe if used with a salt.
Well please provide a link then. It is impossible to decrypt a hash, there is a difference between encryption and hashing. I'm guessing the site these people are referring to is http://www.md5decrypt.com/, try it with a string you have hashed and funnily enough it throws up an error, good isn't it! That site can only decrypt strings you have put into it, obviously it keeps a database of all strings entered and then tries to find a match.
When will you people learn that it's impossible to decrypt a proper md5 hash. It takes supercomputers weeks just to find a collision.
md5() is decryptable, but it can take a while to do so depending on the chars. If it is combined with Aa1-10*#@#$% well it would take days to decrypt...if it is a simple "hello" it will take around 10mins maybe...
But yes people have been able to decrypt it through dictionary words, brute force attacks.
md5 and sha1 are both decryptable...if you really are that desperate i can show u a screen shot .. if it is allowed by the board admin ofcourse
Linux decrypters are alot quicker then windows and they do it in nerly half the time aswell.
as mentioned above, you can prevent this by ofcourse using a salt.
No matter how much of an encryption you do create SOMEONE will be able to get around it someday
