Tonka - Posted August 27, 2008

Hey guys, I figured I would make my own MD5 Generator for when I needed to hash stuff and also to practice securing MySQL queries to a DB. There are 3 versions: a standalone, one for mccode v1 and one for mccode v2. Here is the code for the standalone; the links to download the others are at the end.

DB Table Query: [code not shown]
Create mysql.php: [code not shown]
Create md5.php: [code not shown]

Standalone - http://www.squangle.org/mods/md5.rar
mccode v1 - http://www.squangle.org/mods/md5_v1.rar
mccode v2 - http://www.squangle.org/mods/md5_v2.rar

Spudinski - Posted August 27, 2008
Re: MD5 Generator

Nice idea, but I only think it could be easier to use JavaScript.
http://www.webtoolkit.info/javascript-md5.html

jonomatt - Posted August 27, 2008

I'm really really stupid... what's an MD5 generator?

Guest Anonymous - Posted August 27, 2008

I'm still trying to work out exactly what the point of this is when there are command line tools available, plus... who in their right mind *ever* uses md5 to store hashed data in a database these days?

Zero-Affect - Posted August 27, 2008

I actually have done a better one, that for example www.md5encryption.com uses. They use a similar one, not the one I made.

Haunted Dawg - Posted August 27, 2008

Nyna, a lot of people keep md5 generated codes to help out others. But as for Tonka's script, it could be very harmful to the site. You might want to limit the listings.

Guest Anonymous - Posted August 28, 2008

No point - it's public knowledge and has been for ages -- MD5 hashing is basically a convenience, nothing else. It is considered totally insecure even when salted.

Guest Anonymous - Posted August 28, 2008

Isn't it more or less securing the script itself so the visitor can't gain data through insecure input?

Zero-Affect - Posted August 28, 2008

> No point - it's public knowledge and has been for ages -- MD5 hashing is basically a convenience, nothing else. It is considered totally insecure even when salted.

MD5 hash is insecure? In what sense? And that would mean you use something else like sha1?

Guest Anonymous - Posted August 28, 2008

Well, people love to call it encryption when it is anything but. Collisions - two or more pieces of data producing the same md5 checksum - are not unheard of, and I won't even bother with the obvious (and unfortunately all too common) storage of password hashes.

Sha1 suffers from exactly the same issues, in fact most of the hashes do - There's a couple that we don't know of any known collisions, but time will tell - after all, there is no question - collisions MUST exist.

As a construct in its own right - md5 is neither secure nor insecure -- after all it is purely a method of hashing data. I should have stated, it is more in how people use it that produces the insecurity.

POG1 - Posted August 28, 2008

> Sha1 suffers from exactly the same issues, in fact most of the hashes do - There's a couple that we don't know of any known collisions, but time will tell - after all, there is no question - collisions MUST exist.

I found this.

The SHA-1 is called secure because it is computationally infeasible to find a message which corresponds to a given message digest, or to find two different messages which produce the same message digest. Any change to a message in transit will, with very high probability, result in a different message digest, and the signature will fail to verify.

Guest Anonymous - Posted August 28, 2008

Computationally infeasible is the key term -- 2^33 computations is well within my reach.

Raptor_Jesus - Posted August 28, 2008

The last I read on this subject, SHA-224 and SHA-256 were the latest and greatest hashes approved by NIST. There might be more now since I last read up on this, but like I said, last I read these were the latest NIST approved.

    echo hash('sha256', 'tryme');

Now I'll wander off and read up on this subject to see what's new.

Spudinski - Posted August 28, 2008

mcrypt required to do that, not compiled into PHP5 by default. But when you want to go far ahead, it would be better just to encrypt the string.

Guest Anonymous - Posted August 28, 2008

> The last I read on this subject, SHA-224 and SHA-256 were the latest and greatest hashes approved by NIST. There might be more now since I last read up on this, but like I said, last I read these were the latest NIST approved.
>
>     echo hash('sha256', 'tryme');
>
> Now I'll wander off and read up on this subject to see what's new.

Good move ;)

Both were proved prone to a variety of attacks, with increasing difficulty certainly. sha256 is also available via the suhosin patch of course; unfortunately, out-of-box MySQL 5 (stable) does not implement this - although it's a simple .so extension to write.

Mathematically, sha1, sha256, sha384 and sha512 are all relatively similar, although certain oddities exist in the 384 version IIRC (been a while since I looked at the reference drivers).

The question is more .. what do you use them for? That itself will dictate whether they are a viable solution. For example, checksumming data for wire transfer -- md5 is often sufficient, although my peers and myself tend to use both md5 and sha1.

Raptor_Jesus - Posted August 28, 2008

Personally I use MD5; I was just making the point that if someone was to be concerned with MD5 and Sha1, there's more possibilities that can be explored.

Zero-Affect - Posted August 28, 2008

Agreed. There's loads of possibilities for encryption/hashing.

HITMAN 17 - Posted October 14, 2008
Re: [mccode] MD5 Generator

Do you have an md5 decrypter at all?

POG1 - Posted October 14, 2008

> Do you have an md5 decrypter at all?

I could be wrong but I don't think there is a way to decrypt it, but there are sites which will check against their records and show the un-hashed string.

Guest Anonymous - Posted October 14, 2008

Nope, not wrong -- you cannot decrypt mathematical one-way functions (hence, their name).

Yes, lookup tables (often called rainbow tables) exist, but for even a reasonable selection, say 1-10 lower, upper, and digits takes an inordinate amount of space in any conventional database.

Zero-Affect - Posted October 15, 2008

> Nope, not wrong -- you cannot decrypt mathematical one-way functions (hence, their name).
>
> Yes, lookup tables (often called rainbow tables) exist, but for even a reasonable selection, say 1-10 lower, upper, and digits takes an inordinate amount of space in any conventional database.

I'm sure you're incorrect there Nyna, it is possible to decrypt it with the original encrypt string; there's no way anything is not solvable, it would just take a brain like yours. Maybe you should give it a go and see if you're smarter than the people who have tried before, but reversing any string is possible (of my knowledge), like deleted files on a hard-drive are still there.

POG1 - Posted October 15, 2008

It may be possible with a super computer :P

Guest Anonymous - Posted October 15, 2008

Let's see... We know that "decrypting" is impossible -- just trust me on this, so we rely on lookups.

There are a total of 340,282,366,920,938,463,463,374,607,431,768,211,456 different md5 hashes that can be generated.

Let's also assume we are looking for a complex password - made up of letters (upper and lowercase), digits, and punctuation (say 33 odd characters), maybe up to 15 characters. That's around 468,219,860,267,835,848,675,991,626,495 variations.

Now let's say on a single machine we can perform 1,000,000 hash operations per second (we're not going to bother with lookup tables here, as I'm sure you can work out the storage requirements for yourself...)

5,419,211,345,692,544,544 days later, I will have iterated through the entire range of possible combinations and printed out all passwords that match a single hash.

I'll let you work out the number of days for a small super-computer (say 64K processors at 10,000,000 hashes throughput per second).

Now, one advantage is, we don't actually have to search the entire space - all we need to do is discover 1 input password that when hashed produces our md5-hash. Anybody care to calculate the probability of hitting a collision in this limited set of data?

Now assuming plain text is hashed with no "salt", yes, a small dictionary of text => hash can be constructed (this is the rainbow tables), however even this has problems. Naive implementations will require too much space and/or too much time. Certain constructions may be used to "break" hashes, however they themselves will clearly demonstrate WHY hashing is a bad idea.

Salted data becomes marginally more complex, but the salt itself really only provides security at one point (I'll leave that point to you to discover).

A lot of people like md5 as it's often the first one-way function they encounter; sha1 provides a little more "protection" (I use the word cautiously here), but both the md# and sha# series of functions have been proven to have problems in that the time and operations required to generate collisions are less than that originally anticipated.

So, looking up ae93e52a3c1f3bbcefbc805331fca9e9 in a rainbow table ~may~ be feasible (any takers?) but I doubt you'll be able to find 40cc7f45b76bed5ee06b96b860b94888 in any tables.

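Added example, not part of any post in the thread: a Python sketch that reproduces the keyspace and days figures from the post above, works the super-computer estimate it leaves open, and shows a precomputed table hitting an unsalted MD5 while missing a salted one. The word list, the 16-byte salt and reading "64K processors" as 65,536 are assumptions.

```python
import hashlib
import os

# Figures taken from the post: 95 printable characters, passwords of 1..15 chars.
ALPHABET = 26 + 26 + 10 + 33
SECONDS_PER_DAY = 86_400

def keyspace(alphabet: int, max_len: int) -> int:
    """Number of candidate passwords of length 1..max_len."""
    return sum(alphabet ** n for n in range(1, max_len + 1))

def days_to_exhaust(space: int, hashes_per_sec: int) -> int:
    """Whole days needed to hash every candidate once."""
    return space // (hashes_per_sec * SECONDS_PER_DAY)

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_lookup(words):
    """Precomputed hash -> plaintext table (the 'small dictionary' in the post)."""
    return {md5_hex(w.encode()): w for w in words}

def salted_md5(password: str, salt: bytes) -> str:
    return md5_hex(salt + password.encode())

def guess_salted(digest: str, salt: bytes, words):
    """With the salt known, every guess must be re-hashed; no table helps."""
    return next((w for w in words if salted_md5(w, salt) == digest), None)

# Constructed sample data, not from the thread.
WORDS = ["password", "letmein", "dragon", "qwerty"]
TABLE = build_lookup(WORDS)

if __name__ == "__main__":
    space = keyspace(ALPHABET, 15)
    print("candidates:", f"{space:,}")
    print("days at 1e6 hashes/s:", f"{days_to_exhaust(space, 10**6):,}")
    # Assumption: "64K processors" read as 65,536, each at 10,000,000 hashes/s.
    print("days on the cluster:", f"{days_to_exhaust(space, 65_536 * 10**7):,}")

    salt = os.urandom(16)  # per-password random salt, stored beside the hash
    stored = salted_md5("letmein", salt)
    print("unsalted, table hit:", TABLE.get(md5_hex(b"letmein")))
    print("salted, table hit:", TABLE.get(stored))
    print("salted, per-hash guessing:", guess_salted(stored, salt, WORDS))
```

The last three lines show the one place a salt helps: it invalidates precomputed tables, while a weak password still falls to guessing once the salt and hash are both known.
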
POG1 - Posted October 15, 2008

The fastest computer as far as I know is the IBM Blue Gene, which has been clocked at 1.5 trillion calculations per second (I think); with using that it will still take a long time.