Page 1 of 1

unMD5 function?!

Posted: Sat Aug 03, 2002 4:57 am
by kaily
It's said that the fallowing code could unMD5 a md5 string :!:
8O What do you think of this!
:?:

Code: Select all

<?php 
$key = "This is supposed to be a secret key !!!"; 

function keyED($txt,$encrypt_key) 
&#123; 
$encrypt_key = md5($encrypt_key); 
$ctr=0; 
$tmp = ""; 
for ($i=0;$i<strlen($txt);$i++) 
&#123; 
if ($ctr==strlen($encrypt_key)) $ctr=0; 
$tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1); 
$ctr++; 
&#125; 
return $tmp; 
&#125; 

function encrypt($txt,$key) 
&#123; 
srand((double)microtime()*1000000); 
$encrypt_key = md5(rand(0,32000)); 
$ctr=0; 
$tmp = ""; 
for ($i=0;$i<strlen($txt);$i++) 
&#123; 
if ($ctr==strlen($encrypt_key)) $ctr=0; 
$tmp.= substr($encrypt_key,$ctr,1) . 
(substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1)); 
$ctr++; 
&#125; 
return keyED($tmp,$key); 
&#125; 

function decrypt($txt,$key) 
&#123; 
$txt = keyED($txt,$key); 
$tmp = ""; 
for ($i=0;$i<strlen($txt);$i++) 
&#123; 
$md5 = substr($txt,$i,1); 
$i++; 
$tmp.= (substr($txt,$i,1) ^ $md5); 
&#125; 
return $tmp; 
&#125; 

$string = "Hello World !!!"; 

// encrypt $string, and store it in $enc_text 
$enc_text = encrypt($string,$key); 

// decrypt the encrypted text $enc_text, and store it in $dec_text 
$dec_text = decrypt($enc_text,$key); 

print "Original text : $string <Br>\n"; 
print "Encrypted text : $enc_text <Br>\n"; 
print "Decrypted text : $dec_text <Br>\n"; 
?>
Isn't it said that MD5 is a one-way crypt?
Sorry for my english! :oops:

Posted: Sat Aug 03, 2002 8:14 am
by hob_goblin
yes... md5 is a one way encryption, there are infinite strings to be eyncrypted.. but finite possibilities for the 32 char hash...

Posted: Sat Aug 03, 2002 9:17 am
by volka
what you get from this script isn't really a md5-hash.

The most secure code (because it can't be attacked by mathematical procedures) is to have a list of (strong) random numbers the same length as the text to be encoded. Simply xor each character of the text with the next number of the code. You have to exchange the code list over a secure channel.

This scripts generate a code-list with md5 so the code is still correlated with the text and limited to a length of 32 and an limited alphabet.
may be tricky but not md5. ;)