Md5()

[asgsoft]

MD5, a hash encrytion of texts. although it is supposed to be uncovertable it can be converted back recently. it is a very easy function to use but uesed a lot in sending encrypted data and storing it, like this forum it uses it to store passwords. this is how it works:

$text="test text";
$encrypted= md5($text);
echo $encrypted;

this will ouput 1e2db57dd6527ad4f8f281ab028d2c70. but to make it more secure like what IPB does it to double encypt it. so it looks like this:

$text="test text";
$encrypted= md5(md5($text));
echo $encrypted;

this will output: a932721fa7514980123ca95f1e94cb47 which is harder to crack becuase it is an encrytption of an encryptiom.

hope that helps.

 

[wackyjoe]

md5() is decryptable, but it can take a while to do so depending on the chars. If it is combined with Aa1-10*#@#$% well it would take days to decrypt...if it is a simple "hello" it will take around 10mins maybe...

But yes people have been able to decrypt it through dictionary words, brute force attacks.

md5 and sha1 are both decryptable...if you really are that desperate i can show u a screen shot .. if it is allowed by the board admin ofcourse

Linux decrypters are alot quicker then windows and they do it in nerly half the time aswell.

as mentioned above, you can prevent this by ofcourse using a salt.


No matter how much of an encryption you do create SOMEONE will be able to get around it someday

 

[Scott]

md5() is decryptable, but it can take a while to do so depending on the chars. If it is combined with Aa1-10*#@#$% well it would take days to decrypt...if it is a simple "hello" it will take around 10mins maybe...

But yes people have been able to decrypt it through dictionary words, brute force attacks.

md5 and sha1 are both decryptable...if you really are that desperate i can show u a screen shot .. if it is allowed by the board admin ofcourse

Linux decrypters are alot quicker then windows and they do it in nerly half the time aswell.

No matter how much of an encryption you do create SOMEONE will be able to get around it someday

OK. "Decrypt" this: 981d5552164c6b0865a9c161432c290e

:bingo:

 

[wackyjoe]

have sent you a PM :P

 

[dhscott]

If anyone thinks a encryption is unencryptable, you are clearly wrong. They thought enigma was unencryptable, but it wasn't. It took ages but it happened.

How about SSL encryption?

I heard it took a team of mathematicians 17 years to break one little line of code... (does anyone have a link to this story?)

What is the effectiveness of MD5 hash? It's 128 isn't it? SHA1 is 160-bits as well?

Put it simply, combine hash's and you shouldn't have any trouble, with anyone (For a long time atleast).

 

[nick-8318]

doing md5(md5($string)) isn't necasarilly safer

 

[Shorty]

One thing I like to do is this:
$password = md5($password);
$password = strrev($password);
Just as an added measure of confusion.

There's absolutely nothing stopping anyone adding dozens of sha1's and md5's, or whatever else they want to do. I imagine it makes them safer, but I suppose it's effectiveness wears off.

One thing I would reccomend is just do a few random letter replacements, the more the better. Just make sure you store them in an external include (.php so they cant be opened) so that you can call them again when handling logins etc.

 

[ApeXX]

MD5, a hash encrytion of texts. although it is supposed to be uncovertable it can be converted back recently. it is a very easy function to use but uesed a lot in sending encrypted data and storing it, like this forum it uses it to store passwords. this is how it works:

$text="test text";
$encrypted= md5($text);
echo $encrypted;

this will ouput 1e2db57dd6527ad4f8f281ab028d2c70. but to make it more secure like what IPB does it to double encypt it. so it looks like this:

$text="test text";
$encrypted= md5(md5($text));
echo $encrypted;

this will output: a932721fa7514980123ca95f1e94cb47 which is harder to crack becuase it is an encrytption of an encryptiom.

hope that helps.

IPB also uses a salt, which I believe means they insert a random encrypted word into the final encryption pass.

 

[tm]

doing md5(md5($string)) isn't necasarilly safer

No but something like

$superencrypted = md5(sha1(md5(sha1(rand(0,1000000)).md5(sha1($str)));

is pratically unencryptable because there's no way somebody could guess how I encoded $superencrypted.

 

[Dan]

md5 is not decryptable.

They have giant databases with the word and it's hash. They try to find the hash you enter, and return the word.

If your encrypted text isn't completely basic (like 'hi'), they won't be able to tell you what it is.

 

[tm]

Not decryptable, but you can crack it by brute force. This is where you go through all the possible key combinations to see if it matches the original string.

 

[Dan]

You can crack anything with brute force, so saying that means nothing.

$superencrypted = md5(sha1(md5(sha1(rand(0,1000000)).md5(sha1($str)));

You can crack that by brute forcing. Have fun.

 

[Tree]

True. Anything that can be hashed can be "unhashed." Supercomputers combined with huge databases can "unhash" anything. Be it SHA1, MD5, MD4, or lesser know algorithms such as the AP, DEK, DJB, and the widely used ELF.

Combine supercomputers equivalent to those used for genetic sequencing and a database capable of more than 1.0873661566567430802736528525679*10^147 records (Oracle, IBM's DB2), and you'll have a database which can hold all possible combinations for a-z A-Z 0-9 and these special characters `~!@#$%^&*()_-+={[}]|\:;"'<,>.?/ for up to a string that is only 10 characters in length.

Quite large.

 

[Tree]

Found a Perl module just for this

http://search.cpan.org/~mwdhk/Digest-MD5-Reverse-1.0/lib/Digest/MD5/Reverse.pm

 

[tm]

Cool.

Somebody give me a 5 char md5 :P

 

[Dan]

http://gdataonline.com/seekhash.php

That site doesn't crack it and the perl script just goes to the site.