Jump to content
MakeWebGames

Recommended Posts

Posted

Im personally not sure weather to use double hasing with salt for MD5 or SHA1

Examples: Layed out like updating new pass in preferences.

<?php

$SetNewPassword = sprintf(
"UPDATE users SET
`userpass` = '%s',
WHERE (userid = %u)",
md5(md5('u9r@~[=-=-'.$_POST['password']).'#sdf'),
$ir['userid']);
$db->query($SetNewPassword);

?>

 

<?php

$SetNewPassword = sprintf(
"UPDATE users SET
`userpass` = '%s',
WHERE (userid = %u)",
sha1(sha1('u9r@~[=-=-'.$_POST['password']).'#sdf'),
$ir['userid']);
$db->query($SetNewPassword);

?>

 

Which one would would be more secure?

Posted

Re: Double hashing with salt....

well micoroft run sha1

Nyna suggested whirlpool to me before... maybe interesting to google lol

im sure with the right amount of time and imagination creating your own shouldn't be so difficult

but im sure won't be the dogs bollocks like sha1, md5 or whirlpool

Posted

Re: Double hashing with salt....

 

well micoroft run sha1

Nyna suggested whirlpool to me before... maybe interesting to google lol

Never heard of whirlpool....Might look into it.

Posted

Re: Double hashing with salt....

By what i can find out i'm guessing it's something like (one of these three)

 

<?php

$SetNewPassword = sprintf(
"UPDATE users SET
  `userpass` = '%s',
WHERE (userid = %u)",
Whirlpool-T(Whirlpool-T('u9r@~[=-=-'.$_POST['password']).'#sdf'),
$ir['userid']);
$db->query($SetNewPassword);

?>

 

<?php

$SetNewPassword = sprintf(
"UPDATE users SET
  `userpass` = '%s',
WHERE (userid = %u)",
Whirlpool-0(Whirlpool-0('u9r@~[=-=-'.$_POST['password']).'#sdf'),
$ir['userid']);
$db->query($SetNewPassword);

?>

 

<?php

$SetNewPassword = sprintf(
"UPDATE users SET
  `userpass` = '%s',
WHERE (userid = %u)",
Whirlpool(Whirlpool('u9r@~[=-=-'.$_POST['password']).'#sdf'),
$ir['userid']);
$db->query($SetNewPassword);

?>

 

Most likely wrong tho... :?

Guest Anonymous
Posted

Re: Double hashing with salt....

NEVER double hash -- all you are doing is making it a *lot* easier to find a collision.

 

... I "THINK" it has never been undecrypted. ...

It's not encryption - it's hashing which is a one-way function. It cannot be reversed.

 

well micoroft run sha1

Nyna suggested whirlpool to me before... maybe interesting to google lol

im sure with the right amount of time and imagination creating your own shouldn't be so difficult

but im sure won't be the dogs bollocks like sha1, md5 or whirlpool

M$ use a variety of hashing and encryption techniques.

And yes, I like whirlpool - it's strong enough for my current needs and to my knowledge no collisions have been detected.

As for creating your own - forget it. Unless you have an excellent knowledge of mathematics, encryption, logic, number-theory and "cracking", you will not be able to produce anything even remotely secure.

Posted

Re: Double hashing with salt....

 

And yes, I like whirlpool - it's strong enough for my current needs and to my knowledge no collisions have been detected.

How would i use Whirlpool? Something like

<?php

$SetNewPassword = sprintf(
"UPDATE users SET
  `userpass` = '%s',
WHERE (userid = %u)",
Whirlpool($_POST['password']),
$ir['userid']);
$db->query($SetNewPassword);

?>
Guest Anonymous
Posted

Re: Double hashing with salt....

No.

a) Whirpool does not exist as a native function in PHP. (Although, in some cases it is available via the mhash or hash extensions).

b) You should never just hash a single entity - You should use a salt.

Guest Anonymous
Posted

Re: Double hashing with salt....

@Karlos:

 

sha1($login_name.$login_password);

 

is a reasonable solution.

Posted

Re: Double hashing with salt....

 

@Karlos:

 

sha1($login_name.$login_password);

 

is a reasonable solution.

i have done some researching maybe not the right words but is there a way of adding whirlpool to php.

Like a simple function somewhere (i know it's more complicated but must be doable)

Posted

Re: Double hashing with salt....

 

<?php
print_r(hash_algos());
?>

Prints a list of registered hashes

not necessarily work on php but still might help

posted it earlier hun

yeah i see it's registered on the php site but tried using it has a simple

echo whirlpool('text');

results in

Call to undefined function whirlpool()

ill do more research, thanks Nyna

EDITED

<?php
echo hash( 'whirlpool', 'hash' );
?>

Was not so difficult found it within 2 mins of searching that is correct right?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...