Posted: Wed Mar 23, 2005 8:13 am
by Pyrite
Still, the point of MD5 is not encryption or security, even though most php'ers use it for that purpose. The point is that it creates an exact signature of a string or file that is useful for comparison (i.e. check what the user inputs against what is in the db, or check a file downloaded from a mirror site against an md5 hash of the original file to see if it has changed or been tampered with). Security is more important to look at on the server, the network, the client or the db server.

Posted: Wed Mar 23, 2005 8:20 am
by feyd
I wasn't disagreeing with you. I simply wanted to illustrate the differences from MD5 to SHA256.

True though, their intention is to produce a signature of larger data sets. Although hashing is technically a form of encryption because a compression algorithm is performed on the data... although I don't like to consider it encryption. :)

Posted: Wed Mar 23, 2005 11:08 am
by Pyrite
feyd wrote: Although hashing is technically a form of encryption because a compression algorithm is performed on the data... although I don't like to consider it encryption. :)
So does that mean that Zip, RAR and JPEG are encryption too? Surely not! :D

I wasn't disagreeing with you though, I was simply stating it for the others. If you like, check out RFC 1321 for what MD5 exactly is.

http://www.faqs.org/rfcs/rfc1321.html

Posted: Wed Mar 23, 2005 11:11 am
by feyd
Excluding JPEG because it's an interchange format, they are. Compression is a kind of encryption.

Posted: Wed Mar 23, 2005 11:20 am
by Pyrite
I hate to disagree, but maybe you can point me in the direction of your source instead?

Posted: Wed Mar 23, 2005 11:33 am
by Roja
feyd wrote: Although hashing is technically a form of encryption because a compression algorithm is performed on the data...
Compression != encryption.

A cheap definition of encryption could be "The act of altering data to make it unreadable unless you know how to decrypt it".

Merely compressing something doesn't make it encrypted, and in fact, a hash isn't even truly compression (it loses the content, giving a unique representation of the data - NOT a smaller version of the same data).

Some other misconceptions... MD5 is no longer considered secure - in crypto circles.

Cryptology is all relative. So, for example, previously, md5 had a brute-force time in the months-long range. Now, based on the latest findings, it's been reduced to under 8 hours using a standard desktop. That's a severe break!

Now factor in that some attackers have botnets in the 1,000 computer range, and suddenly, it's a very serious issue for sites that require "trust".

SHA1 has also had some hits lately; although not nearly as dramatic, they also reduced the brute-force time a substantial amount.

What does this mean for a php developer? Well, let's take a forum, or an online game. The user's passwords are hashed, and the hash is stored.

If an attacker were able to get that list of hashes, previously, it would have been nearly useless - it would have taken months for EACH hash to be brute-forced. Now, however, with even a few computers, in a matter of 3-4 days, the attacker can have the vast majority of the passwords!

When you consider that most people re-use passwords, suddenly, even a simple online game or forum becomes a valuable target. What if the user reused that password on ebay? Or his bank?

The point is, if you are choosing to hash a password, you care about security. If you care about security, don't give people a false sense of security. Their online lives may be compromised by your shortcuts!!

Right now, SHA-256 is considered secure for the foreseeable future. Several threads have posted a php version and a javascript version, which is all you need to implement both ends of a fairly secure login system.
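As an added worked example (not code from this thread or from any poster), the following PHP script shows the two points made in the post above: a hash is a fixed-length fingerprint rather than a compressed copy of the data, and a stored password hash should carry a per-user random salt and be compared in constant time. It assumes PHP 7.1 or later with the hash extension; the function names are the example's own. It goes slightly beyond the thread by also showing password_hash(), the deliberately slow password-hashing API that PHP added later.

```php
<?php
// Added example, not code from the thread. Assumes PHP >= 7.1 with the
// hash extension (hash(), hash_equals(), random_bytes(), password_hash()).
declare(strict_types=1);

// 1. A hash is not compression: the digest length is fixed no matter how
//    large the input is, and the input cannot be recovered from it.
function digestLengths(string $data): array
{
    return [
        'input_bytes' => strlen($data),
        'md5'         => strlen(hash('md5', $data)),    // 32 hex chars
        'sha1'        => strlen(hash('sha1', $data)),   // 40 hex chars
        'sha256'      => strlen(hash('sha256', $data)), // 64 hex chars
    ];
}

// 2. Storing a password the way the thread recommends, plus a per-user salt:
//    two users with the same password get different stored hashes, so a
//    leaked table cannot be attacked with one precomputed table for everyone.
function makePasswordRecord(string $password): array
{
    $salt = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $password)];
}

function checkPassword(string $password, array $record): bool
{
    $candidate = hash('sha256', $record['salt'] . $password);
    // hash_equals() compares in constant time, so a wrong guess does not
    // leak how many leading bytes matched through response timing.
    return hash_equals($record['hash'], $candidate);
}

// 3. SHA-256 is fast by design, so a salted SHA-256 still lets an attacker
//    test guesses against one user at full hardware speed. password_hash()
//    uses a slow, purpose-built algorithm (bcrypt by default) and embeds the
//    salt and cost in the returned string.
function makeModernRecord(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function checkModernRecord(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed demo input.
$user1 = makePasswordRecord('correct horse');
$user2 = makePasswordRecord('correct horse');
var_dump($user1['hash'] !== $user2['hash']);       // true: same password, different hashes
var_dump(checkPassword('correct horse', $user1));  // true
var_dump(checkPassword('wrong', $user1));          // false
print_r(digestLengths(str_repeat('x', 100000)));   // 100000 bytes in, 32/40/64 chars out

$modern = makeModernRecord('correct horse');
var_dump(checkModernRecord('correct horse', $modern)); // true
var_dump(checkModernRecord('wrong', $modern));         // false
```

Run it with `php example.php`. The salted SHA-256 record is the floor that the thread's advice amounts to; the password_hash() record is what a practitioner would store today, because its cost factor is what keeps a leaked table expensive to attack even with a botnet of the size the post mentions.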

Posted: Wed Mar 23, 2005 11:43 am
by Roja
php_wiz_kid wrote: I usually just MD5 it once. I doubt someone will go to the lengths to either unhash or bruteforce your password unless your site has a lot of sensitive information. If your site is high traffic or you expect there to be high traffic then I'd use MD5 rather than SHA256 because of execution speed. If your site is an internal application and only works over an intranet or it's a low traffic site then SHA256 might be a consideration if you're really wanting to keep passwords protected. Just keep in mind that it would take a while to bruteforce a 64-bit password. I find MD5 to be rather secure.
First, the SHA256 function posted in another thread is only 1.2% slower than sha1, and only 9% slower than the native md5() function from php. Given that all three are in the less-than-1/4-a-second range on a 1ghz machine, it starts to be silly to say "it's slower". The execution time is really a trivial difference. You'd be better off working on trimming some SQL calls. :)

As to "I find MD5 to be rather secure" - The latest finding shows that it takes 8 hours on a 1.6ghz desktop to brute force a given md5. That's *not* secure.

As to "I doubt someone will go to the lengths to either unhash or bruteforce your password unless your site has a lot of sensitive information", *all sites do*. Even a trivial game or forum online is likely to have at least a few users who reuse their passwords and usernames on other sites - sensitive sites, with valuable information.

Combine the relatively weak security on a forum (phpbb, ipb, etc), with the likely chance that a user used the same password and username on a tight security website (bank, ebay), and suddenly, it becomes very worthwhile for an attacker.

Posted: Wed Mar 23, 2005 11:43 am
by Pyrite
I agree, and the MD5 rfc shows that the authors' intention was only to make a signature of data with MD5 and then encrypt it using a public-key system, a two part process.

The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
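An added example (not from the RFC or this thread) of the "compress with a hash, then sign" pattern the quoted passage describes, written with PHP's OpenSSL extension and SHA-256 in place of MD5. It assumes the openssl extension is loaded on PHP 7.1 or later; generateKeyPair, signFile and verifyFile are the example's own helper names, while openssl_pkey_new(), openssl_sign() and openssl_verify() are the real PHP functions.

```php
<?php
// Added example, not code from the RFC or the thread. Assumes PHP >= 7.1
// with the openssl extension loaded.
declare(strict_types=1);

// Example helper: generate an RSA key pair and return the private key handle
// together with the public key as PEM text.
function generateKeyPair(): array
{
    $private = openssl_pkey_new([
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    if ($private === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    $publicPem = openssl_pkey_get_details($private)['key'];
    return [$private, $publicPem];
}

// Sign a file's contents. openssl_sign() first reduces the (possibly huge)
// input to a SHA-256 digest and then RSA-signs that digest with the private
// key: the two-step process the RFC text describes, with SHA-256 for MD5.
function signFile(string $contents, $privateKey): string
{
    $signature = '';
    if (!openssl_sign($contents, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return $signature;
}

// Verify with the public key. openssl_verify() returns 1 (valid), 0 (invalid)
// or -1 (error), so only an exact 1 counts as a good signature.
function verifyFile(string $contents, string $signature, string $publicPem): bool
{
    return openssl_verify($contents, $signature, $publicPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed sample "file" contents standing in for a download from a mirror.
$file = str_repeat("release tarball bytes\n", 1000);

[$priv, $pub] = generateKeyPair();
$sig = signFile($file, $priv);

var_dump(verifyFile($file, $sig, $pub));        // true
var_dump(verifyFile($file . 'x', $sig, $pub));  // false: a single appended byte changes the digest
var_dump(strlen($sig));                         // 256 bytes for a 2048-bit key, whatever the file size
```

The fixed 256-byte signature over a 22 KB input is the practical reason for hashing first: RSA only ever sees the digest, and the verifier recomputes that digest itself, so any tampering with the file shows up as a verification failure rather than needing the original for comparison.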

Posted: Thu Mar 24, 2005 4:11 am
by Chris Corbyn
I really need to read up on good security.

This thread has been very interesting.... especially some of the points put forward by Roja :D

Posted: Thu Mar 24, 2005 4:34 am
by Maugrim_The_Reaper
It is possible to utilise hashing to secure password transmission - and you can make a secondary check to bypass javascript supported hashing for clients with js disabled - just make sure the form still allows sending of the plain text password if js is disabled - or fails.

You can see an example of such a process here: http://www.sanisoft.com/phplib/manual/auth_Response.php

Posted: Mon Mar 28, 2005 1:58 am
by pleigh
Your points are great... thanks guys... overall... what do you recommend?
SHA1()? SHA256()? MD5()? PASSWORD()? ... anything else?

Posted: Mon Mar 28, 2005 2:15 am
by feyd
SHA256 > SHA1 > MD5

Do not use PASSWORD(). Remember though, SHA256 is not built into any of the systems yet. So you can't call it in a query string, it must be processed in code.

Posted: Mon Mar 28, 2005 3:47 am
by pleigh
ok feyd, thanks a lot... where can I find the complete SHA256()?

Posted: Mon Mar 28, 2005 4:21 am
by n00b Saibot
Feyd already has that down for us here -> SHA256 :)

Posted: Mon Mar 28, 2005 5:20 am
by pleigh
What version of feyd's sha256() should I use? Is it enough to use the last thread of feyd?