encrypting with md5

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

encrypting with md5

Post by pelegk2 »

i have few quesions :
1) is it possible at all to decrypt an md5 encryption? if yes then how?
2)can i encrypt using my own key?
thnaks in advance
peleg
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

1) yes, generally, brute force
2) there is no key, it's a hashing routine.
User avatar
mikusan
Forum Contributor
Posts: 247
Joined: Thu May 01, 2003 1:48 pm

Post by mikusan »

MD5 - Hashing
RSA - Encryption

MD5 is often used to check differences between files. Take a file test.txt write 'hello' and then take text2 and write 'hellow' the md5 sum will be different. It's almost impossible to get 2 md5sums that are the same. Also you can use it to check passwords on a site, though it's only so that if you have people that can access your database cannot see the passwords in text, but only in hashes. That way you can protect your passes from your admin.

But passwords are still sent cleartext so you use SSL "encryption" which basically is a safe that you send to other people and only people that have the same keys to open it.

Yeah, in simple terms that's the diff.
ody
Forum Contributor
Posts: 147
Joined: Sat Mar 27, 2004 4:42 am
Location: ManchesterUK

Post by ody »

feyd wrote:1) yes, generally, brute force
2) there is no key, it's a hashing routine.

Its impossible to decrypt an md5 hash, its what is called a one way hash, brute force however is the only means to get the original data. Don't confuse brute forcing with decrypting, they are NOT the same.

The way md5 can be used is as such:

A users password is stored (md5'ed) in a database
when a user logs in they enter there password in cleartext
php md5's this clear text version of the password
php compares the newly hased password with the one in the database
if they are the same grant access
else dont.[/b]
User avatar
fresh
Forum Contributor
Posts: 259
Joined: Mon Jun 14, 2004 10:39 am
Location: Amerika

isnt this md5 decryption

Post by fresh »

Code: Select all

<?php

  function bytexor($a,$b,$l)
  {
   $c="";
   for($i=0;$i<$l;$i++) {
     $c.=$a{$i}^$b{$i};
   }
   return($c);
  }

  function binmd5($val)
  {
   return(pack("H*",md5($val)));
  }

  function decrypt_md5($msg,$heslo)
  {
   $key=$heslo;$sifra="";
   $key1=binmd5($key);
   while($msg) {
     $m=substr($msg,0,16);
     $msg=substr($msg,16);
     $sifra.=$m=bytexor($m,$key1,16);
     $key1=binmd5($key.$key1.$m);
   }
   echo "\n";
   return($sifra);
  }

  function crypt_md5($msg,$heslo)
  {
   $key=$heslo;$sifra="";
   $key1=binmd5($key);
   while($msg) {
     $m=substr($msg,0,16);
     $msg=substr($msg,16);
     $sifra.=bytexor($m,$key1,16);
     $key1=binmd5($key.$key1.$m);
   }
   echo "\n";
   return($sifra);
  }

// Example of usage...

$message = "This is a very long message, but it is very secret and important
and we need to keep the contents hidden from nasty people who might want to steal it.";

$key = "secret key";

$crypted = crypt_md5($message, $key);
echo "Encoded = $crypted<BR>"; // returns ¦ý¼=¯ ¶òºÏ`¬ù<ÂH ­ëÇ{.‡1º{ïå
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

nice script though i am affraid that i maybe will have problem with file name that look like this :
[quote] ¦ý¼=¯ ¶òºÏ`¬ù<ÂH ­ëÇ{.‡1º{ïå
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

MD5 is a hashing routine and de-hashing it can years and years unless the MD5 hash is dictionary related or if it was a simple word, therefore it could be broken via a bruteforcer.

Try this simple dictionary attack : http://www.securitystats.com/tools/hashcrack.php
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

If your looking for data encryption you might want to checkout Mcrypt PHP extension.
Last edited by Buddha443556 on Sun Jul 18, 2004 3:51 pm, edited 1 time in total.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

[quote="pelegk2"]nice script though i am affraid that i maybe will have problem with file name that look like this :
¦ý¼=¯ ¶òºÏ`¬ù<ÂH ­ëÇ{.‡1º{ïå
Post Reply