Jump to content
MakeWebGames

[mccode] MD5 Generator


Tonka

Recommended Posts

Hey guys, I figured I would make my own MD5 Generator for when I needed to hash stuff and also to practice securing mySQL queries to a DB.

There are 3 versions, a standalone, one for mccode v1 and one for mccode v2. Here is the code for the standalone, the links to download the others are at the end.

DB Table Query

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

Create mysql.php

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

Create md5.php

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

md5_1.jpg

md5_2.jpg

md5_3.jpg

Standalone - http://www.squangle.org/mods/md5.rar

mccode v1 - http://www.squangle.org/mods/md5_v1.rar

mccode v2 - http://www.squangle.org/mods/md5_v2.rar

Link to comment
Share on other sites

Guest Anonymous

Re: MD5 Generator

I'm still trying to work exactly what the point of this is when there are command line tools available, plus... who in their right minds *ever* uses md5 to store hashed data in a database these days?

Link to comment
Share on other sites

Guest Anonymous

Re: MD5 Generator

No point - it's public knowledge and has been for ages -- MD5 hashing is basically a convenience, nothing else. It is considered totally insecure even when salted.

Link to comment
Share on other sites

Guest Anonymous

Re: MD5 Generator

Well people love to call it encryption when it is anything but. Collisions - two or more pieces of data producing the same md5 checksum - are not unheard off, and I won't even bother with the obvious (and unfortunately all too common) storage of password hashes.

Sha1 suffers from exactly the same issues, in fact most of the hashes do - There's a couple that we don't know of any known collisions, but time will tell - after all, there is no question - collisions MUST exist.

As a construct in it's own write - md5 is neither secure not insecure -- after all it is purely a method of hashing data, I should have stated, it is more in how people use it that produces the insecurity.

Link to comment
Share on other sites

Re: MD5 Generator

 

Sha1 suffers from exactly the same issues, in fact most of the hashes do - There's a couple that we don't know of any known collisions, but time will tell - after all, there is no question - collisions MUST exist.

I found this.

 

The SHA-1 is called secure because it is computationally infeasible

to find a message which corresponds to a given message digest, or to

find two different messages which produce the same message digest.

Any change to a message in transit will, with very high probability,

result in a different message digest, and the signature will fail to

verify.

Link to comment
Share on other sites

Re: MD5 Generator

The last I read on this subject SHA-224 and SHA-256 were the latest and greatest hashes approved by NIST. There might be more now since I last read up on this but like I said last I read these were the latest NIST approved.

echo hash('sha256', 'tryme');

Now I'll wander off and read up on this subject to see whats new.

Link to comment
Share on other sites

Guest Anonymous

Re: MD5 Generator

 

The last I read on this subject SHA-224 and SHA-256 were the latest and greatest hashes approved by NIST. There might be more now since I last read up on this but like I said last I read these were the latest NIST approved.

echo hash('sha256', 'tryme');

Now I'll wander off and read up on this subject to see whats new.

 

Good move ;) Both were proved prone to a variety of attacks with increasing difficulty certainly.

sha256 is also available via the suhosin patch of course, unfortunately, out-of-box MySQL 5 (stable) does not implement this - although it's a simple .so extension to write.

Mathematically, sha1, sha256, sha384 and sha512 are all relatively similar, although certain oddities exist in the 384 version IIRC (been a while since I looked at the reference drivers).

The question is more .. what do you use them for? That itself will dictate whether they are a viable solution. For example, checksumming data for wire transfer -- md5 is often sufficient, although my peers and myself tend to use both md5 and sha1.

Link to comment
Share on other sites

  • 1 month later...
Guest Anonymous

Re: [mccode] MD5 Generator

Nope, not wrong -- you cannot decrypt mathematical one-way functions (hence, their name).

Yes, lookup tables, (often called rainbow tables) exist, but for even a reasonable selection, say 1-10 lower, upper, and digits takes an inordinate amount of space in any conventional database.

Link to comment
Share on other sites

Re: [mccode] MD5 Generator

 

Nope, not wrong -- you cannot decrypt mathematical one-way functions (hence, their name).

Yes, lookup tables, (often called rainbow tables) exist, but for even a reasonable selection, say 1-10 lower, upper, and digits takes an inordinate amount of space in any conventional database.

Im sure your incorrect there Nyna it is possible to decrypt it with the original encrypt string, there's noway anything is not solvable it would just take a brain like yours.

Maybe you should give it a go and see if your smarter than the people who have tried before

but reversing any string is possible (of my knowledge)

like deleted files on a hard-drive are still there

Link to comment
Share on other sites

Guest Anonymous

Re: [mccode] MD5 Generator

Lets see...

We know that "decrypting" is impossible -- just trust me on this, so we rely on lookups.

There are a total of 340,282,366,920,938,463,463,374,607,431,768,211,456 different md5 hashes that can be generated.

Lets also assume we are looking for a complex password - made up of letters (upper and lowercase), digits, and punctuation (say 33 odd characters), maybe up to 15 characters. That's around 468,219,860,267,835,848,675,991,626,495 variations.

Now lets say on a single machine we can perform 1,000,000 hash operations per second (we're not going to bother with lookup tables here, as I'm sure you can work out the storage requirements for yourself...)

5,419,211,345,692,544,544 days later, I will have iterated through the entire range of possible combinations and printed out all passwords that match a single hash.

I'll let you work out the number of days for a small super-computer (say 64K processors at 10,000,000 hashes throughput per second).

Now, one advantage is, we don't actually have to search the entire space - all we need to do is discover 1 input password that when hashed produces our md5-hash. Anybody care to calculate the probability of hitting a collision in this limited set of data?

Now assuming plain text is hashed with no "salt", yes, a small dictionary of text => hash can be constructed, (this is the rainbow tables), however even this has problems. Naive implementations will require too much space and/or too much time.

Certain constructions may be used to "break" hashes however they themselves will clearly demonstrate WHY hashing is a bad idea.

Salted data becomes marginally more complex, but the salt itself really only provides security at one point (I'll leave that point to you to discover).

A lot of people like md5 as it's often the first one-way function they encounter, sha1 provides a little more "protection" (I use the word cautiously here), but both the md# and sha# series of functions have been proven to have problems in that the time and operations required to generate collisions are less than that originally anticipated.

So, looking up ae93e52a3c1f3bbcefbc805331fca9e9 in a rainbow table ~may~ be feasible (any takers?) but I doubt you'll be able to find 40cc7f45b76bed5ee06b96b860b94888 in any tables.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...