Karlos Posted December 8, 2008

I'm personally not sure whether to use double hashing with salt for MD5 or SHA1.

Examples: Laid out like updating new pass in preferences.

<?php
$SetNewPassword = sprintf(
    "UPDATE users SET `userpass` = '%s' WHERE (userid = %u)",
    md5(md5('u9r@~[=-=-'.$_POST['password']).'#sdf'),
    $ir['userid']);
$db->query($SetNewPassword);
?>

<?php
$SetNewPassword = sprintf(
    "UPDATE users SET `userpass` = '%s' WHERE (userid = %u)",
    sha1(sha1('u9r@~[=-=-'.$_POST['password']).'#sdf'),
    $ir['userid']);
$db->query($SetNewPassword);
?>

Which one would be more secure?

Haunted Dawg Posted December 8, 2008

Re: Double hashing with salt....

I would say sha1 has been far more secure. I "THINK" it has never been undecrypted. So go for sha1.

Karlos (Author) Posted December 8, 2008

Thanks, but I'm still not entirely sure, so I'll wait till I get more opinions.

Zero-Affect Posted December 8, 2008

well Microsoft run sha1

Nyna suggested whirlpool to me before... maybe interesting to google lol

I'm sure with the right amount of time and imagination creating your own shouldn't be so difficult, but I'm sure it won't be the dogs bollocks like sha1, md5 or whirlpool

Karlos (Author) Posted December 8, 2008

> well Microsoft run sha1
> Nyna suggested whirlpool to me before... maybe interesting to google lol

Never heard of whirlpool.... Might look into it.

Karlos (Author) Posted December 8, 2008

By what I can find out I'm guessing it's something like (one of these three)

<?php
$SetNewPassword = sprintf(
    "UPDATE users SET `userpass` = '%s' WHERE (userid = %u)",
    Whirlpool-T(Whirlpool-T('u9r@~[=-=-'.$_POST['password']).'#sdf'),
    $ir['userid']);
$db->query($SetNewPassword);
?>

<?php
$SetNewPassword = sprintf(
    "UPDATE users SET `userpass` = '%s' WHERE (userid = %u)",
    Whirlpool-0(Whirlpool-0('u9r@~[=-=-'.$_POST['password']).'#sdf'),
    $ir['userid']);
$db->query($SetNewPassword);
?>

<?php
$SetNewPassword = sprintf(
    "UPDATE users SET `userpass` = '%s' WHERE (userid = %u)",
    Whirlpool(Whirlpool('u9r@~[=-=-'.$_POST['password']).'#sdf'),
    $ir['userid']);
$db->query($SetNewPassword);
?>

Most likely wrong tho... :?

Guest Anonymous Posted December 8, 2008

NEVER double hash -- all you are doing is making it a *lot* easier to find a collision.

> ... I "THINK" it has never been undecrypted. ...

It's not encryption - it's hashing which is a one-way function. It cannot be reversed.

> well Microsoft run sha1
> Nyna suggested whirlpool to me before... maybe interesting to google lol
> I'm sure with the right amount of time and imagination creating your own shouldn't be so difficult, but I'm sure it won't be the dogs bollocks like sha1, md5 or whirlpool

M$ use a variety of hashing and encryption techniques.

And yes, I like whirlpool - it's strong enough for my current needs and to my knowledge no collisions have been detected.

As for creating your own - forget it. Unless you have an excellent knowledge of mathematics, encryption, logic, number-theory and "cracking", you will not be able to produce anything even remotely secure.

Karlos (Author) Posted December 8, 2008

> And yes, I like whirlpool - it's strong enough for my current needs and to my knowledge no collisions have been detected.

How would I use Whirlpool? Something like

<?php
$SetNewPassword = sprintf(
    "UPDATE users SET `userpass` = '%s' WHERE (userid = %u)",
    Whirlpool($_POST['password']),
    $ir['userid']);
$db->query($SetNewPassword);
?>

Guest Anonymous Posted December 8, 2008

No.

a) Whirlpool does not exist as a native function in PHP. (Although, in some cases it is available via the mhash or hash extensions).

b) You should never just hash a single entity - You should use a salt.

Karlos (Author) Posted December 8, 2008

So what would you recommend then?

Zero-Affect Posted December 8, 2008

<?php
print_r(hash_algos());
?>

Prints a list of registered hashes not necessarily work on php but still might help

Karlos (Author) Posted December 8, 2008

Can someone tell me what hashing technique would be best to use...?

Guest Anonymous Posted December 8, 2008

@Karlos: sha1($login_name.$login_password); is a reasonable solution.

Zero-Affect Posted December 8, 2008

> @Karlos: sha1($login_name.$login_password); is a reasonable solution.

I have done some researching, maybe not the right words, but is there a way of adding whirlpool to php? Like a simple function somewhere (I know it's more complicated but must be doable)

Guest Anonymous Posted December 8, 2008

http://uk.php.net/hash_algos

I have no idea if Whirlpool is supported across the board however.

Zero-Affect Posted December 8, 2008

> <?php print_r(hash_algos()); ?>
> Prints a list of registered hashes not necessarily work on php but still might help

posted it earlier hun

yeah I see it's registered on the php site, but tried using it as a simple echo whirlpool('text'); results in

Call to undefined function whirlpool()

I'll do more research, thanks Nyna

EDITED

<?php
echo hash( 'whirlpool', 'hash' );
?>

Was not so difficult, found it within 2 mins of searching. That is correct, right?

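An added example, not part of any post in this thread: salted hashing through the hash extension as the replies above describe, with a random per-user salt and a constant-time check, followed by PHP's built-in password_hash()/password_verify(). The function names, the salt$digest storage format and the sample password are assumptions made for illustration, and the code assumes PHP 7 or later.

```php
<?php
// Added example. make_salted_hash(), check_salted_hash() and the
// "salt$digest" storage format are hypothetical, not from the thread.

function make_salted_hash(string $password, string $algo = 'whirlpool'): string
{
    // hash() only knows algorithms the hash extension has registered.
    if (!in_array($algo, hash_algos(), true)) {
        throw new RuntimeException("hash algorithm not registered: $algo");
    }
    // A fresh random salt per user, stored next to the digest.
    $salt = bin2hex(random_bytes(16));
    return $salt . '$' . hash($algo, $salt . $password);
}

function check_salted_hash(string $password, string $stored, string $algo = 'whirlpool'): bool
{
    $parts = explode('$', $stored, 2);
    if (count($parts) !== 2) {
        return false; // malformed record: no salt/digest separator
    }
    [$salt, $digest] = $parts;
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($digest, hash($algo, $salt . $password));
}

$sample = 'correct horse battery staple'; // constructed sample input

$stored = make_salted_hash($sample);
var_dump(check_salted_hash($sample, $stored));        // matching password
var_dump(check_salted_hash('wrong guess', $stored));  // non-matching password

// Hashing the same password again gives a different record,
// because each call draws a new salt.
var_dump($stored === make_salted_hash($sample));

// PHP's purpose-built API: picks the algorithm, generates the salt and
// applies a work factor, all encoded in a single stored string.
$record = password_hash($sample, PASSWORD_DEFAULT);
var_dump(password_verify($sample, $record));
var_dump(password_verify('wrong guess', $record));
```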