md5 question

a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

md5 question

Post by a94060 »

I found this bit of code in a post

PHP:

Code: Select all

<?php 

$unique_id = md5(uniqid(rand(),1)); 

$token_result = mysql_query("SELECT id FROM table WHERE id='$unique_id'",$db); 

while($num_rows = mysql_num_rows($token_result)){ 
                         
    $unique_id = md5(uniqid(rand(),1));     
                         
}

where the md5 hashing happens, does the md5 always return the same for a specific word?

I'm asking because it looks like this script looks for the $unique_id in the id column.
does this make sense what I'm asking?
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

the md5() is done right when it is called. That snippet you posted does basically nothing, just generates a new hash of a uniqid() for however many times it's found in the db. Yes, md5() will always return the same hash for whatever you run md5 on. like

Code: Select all

//these 2 give the exact same output
echo md5('vanilla');
echo md5('vanilla');

//this is a different output
echo md5('ninja');
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Re: md5 question

Post by a94060 »

a94060 wrote: I found this bit of code in a post

PHP:

Code: Select all

<?php 

$unique_id = md5(uniqid(rand(),1)); 

$token_result = mysql_query("SELECT id FROM table WHERE id='$unique_id'",$db);

where the md5 hashing happens, does the md5 always return the same for a specific word?

I'm asking because it looks like this script looks for the $unique_id in the id column.
does this make sense what I'm asking?

so say I put the entry "foo" into the db and it puts a unique_id of XXX. The next time I'm trying to find it, will the md5(uniqid(rand())) give me the id XXX?

since the rand() is implemented, won't it be a different number, with the chances being 1 in >infinity?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

The PHP Manual - uniqid wrote: uniqid() returns a prefixed unique identifier based on the current time in microseconds. prefix is optional but can be useful, for instance, if you generate identifiers simultaneously on several hosts that might happen to generate the identifier at the same microsecond. Up until PHP 4.3.1, prefix could only be a maximum of 114 characters long.

If you use md5(uniqid(rand(),1)) you will get a different result every time. This series of functions can generally be used to generate a session id if you are using your own session development script instead of using PHP's session vars. However, every time you call that function setup you are going to get a different result.

To answer your question on 'foo'. If you take 'foo' and run it through md5() you will get 'acbd18db4cc2f85cedef654fccc4a4d8' every time you run it.
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

so, I should just use that? I'll just use

Code: Select all

md5($_POST['hash_this'])
that's all I'll use to encrypt it. It will help relatively, right?
LiveFree
Forum Contributor
Posts: 258
Joined: Tue Dec 06, 2005 5:34 pm
Location: W-Town

Post by LiveFree »

For me and the Dev team of PHPNuke Evolution...

We use md5(md5($input))
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Tucker wrote:We use md5(md5($input))
I do hope you're joking Tucker. A doubling of any hashing (including mixed) results in less entropy. Less entropy equals less secure.

All I'd have to do to break the security is figure out a VERY uniform expression.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Like Feyd said, stay away from md5(md5('somestring')). You can use md5 to hash a value, but don't consider it encryption. There has been considerable discussion on encryption techniques, hashing mechanisms and security. You should search these forums for encryption, md5, sha1 and sha256. All these functions offer a data hash more so than encryption.

The typical use for these mechanisms is hashing a value to match against a hash value in the database. But before you get too far into this, you should really look into the various techniques used to hash data.
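
The "hash a value and match it against the hash in the database" flow discussed above, written with PHP's password API, as an added example that is not code from this thread. It assumes PHP 7 or later, that the value being hashed is a password, and that existing rows hold plain md5() output; `$users`, `is_legacy_md5()` and `verify_and_upgrade()` are hypothetical names, and the array stands in for a database table.

```php
<?php
// Added example, not code from the thread. $users is a constructed in-memory
// stand-in for a database table; 'alice' and 'bob' are sample rows.

// Legacy rows hold md5($password): 32 hex chars, unsalted, deterministic.
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Check a login and upgrade the stored value when it is weaker than the
// current default. Returns true when the password matches.
function verify_and_upgrade(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    if (is_legacy_md5($stored)) {
        // hash_equals() compares the two digests in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        // password_verify() reads the salt, algorithm and cost from $stored.
        $ok = password_verify($password, $stored);
    }

    // Re-hash with a fresh random salt while the plaintext is in hand.
    if ($ok && (is_legacy_md5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample data: both users chose the password "foo".
$users = ['alice' => md5('foo'), 'bob' => md5('foo')];

var_dump($users['alice'] === $users['bob']);          // md5 rows for equal passwords
var_dump(verify_and_upgrade($users, 'alice', 'foo')); // legacy row checked, then upgraded
var_dump(verify_and_upgrade($users, 'bob', 'foo'));
var_dump($users['alice'] === $users['bob']);          // salted rows for equal passwords
var_dump(verify_and_upgrade($users, 'alice', 'bar')); // wrong password against upgraded row
var_dump(is_legacy_md5($users['alice']));             // format of alice's row after login
```

In a real table the upgraded value is written back with an UPDATE, and the PHP manual recommends a column of 255 characters so the stored hash can grow when `PASSWORD_DEFAULT` changes.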
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

and remember SHA256 > SHA1 > MD5 :)