unMD5 function?!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kaily
Forum Newbie
Posts: 12
Joined: Fri Jul 05, 2002 12:17 pm

unMD5 function?!

Post by kaily »

It's said that the fallowing code could unMD5 a md5 string :!:
8O What do you think of this!
:?:

Code: Select all

<?php 
$key = "This is supposed to be a secret key !!!"; 

function keyED($txt,$encrypt_key) 
&#123; 
$encrypt_key = md5($encrypt_key); 
$ctr=0; 
$tmp = ""; 
for ($i=0;$i<strlen($txt);$i++) 
&#123; 
if ($ctr==strlen($encrypt_key)) $ctr=0; 
$tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1); 
$ctr++; 
&#125; 
return $tmp; 
&#125; 

function encrypt($txt,$key) 
&#123; 
srand((double)microtime()*1000000); 
$encrypt_key = md5(rand(0,32000)); 
$ctr=0; 
$tmp = ""; 
for ($i=0;$i<strlen($txt);$i++) 
&#123; 
if ($ctr==strlen($encrypt_key)) $ctr=0; 
$tmp.= substr($encrypt_key,$ctr,1) . 
(substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1)); 
$ctr++; 
&#125; 
return keyED($tmp,$key); 
&#125; 

function decrypt($txt,$key) 
&#123; 
$txt = keyED($txt,$key); 
$tmp = ""; 
for ($i=0;$i<strlen($txt);$i++) 
&#123; 
$md5 = substr($txt,$i,1); 
$i++; 
$tmp.= (substr($txt,$i,1) ^ $md5); 
&#125; 
return $tmp; 
&#125; 

$string = "Hello World !!!"; 

// encrypt $string, and store it in $enc_text 
$enc_text = encrypt($string,$key); 

// decrypt the encrypted text $enc_text, and store it in $dec_text 
$dec_text = decrypt($enc_text,$key); 

print "Original text : $string <Br>\n"; 
print "Encrypted text : $enc_text <Br>\n"; 
print "Decrypted text : $dec_text <Br>\n"; 
?>
Isn't it said that MD5 is a one-way crypt?
Sorry for my english! :oops:
User avatar
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

yes... md5 is a one way encryption, there are infinite strings to be eyncrypted.. but finite possibilities for the 32 char hash...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

what you get from this script isn't really a md5-hash.

The most secure code (because it can't be attacked by mathematical procedures) is to have a list of (strong) random numbers the same length as the text to be encoded. Simply xor each character of the text with the next number of the code. You have to exchange the code list over a secure channel.

This scripts generate a code-list with md5 so the code is still correlated with the text and limited to a length of 32 and an limited alphabet.
may be tricky but not md5. ;)
Post Reply