You're not using MD5 anymore, are you?


Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Nope that it's even worse.

"BECAUSE OF THIS BUSINESS AGREEMENT YOU WILL PAY ME ONE DOLLARXXXXXXXXX."

and

"BECAUSE OF THIS BUSINESS AGREEMENT YOU WILL PAY ME TEN BILLION DOLLARS."

hash the same thing.

However, you've almost got the idea. The 'random' thing is called a "salt". http://en.wikipedia.org/wiki/Salt_%28cryptography%29
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Sander wrote:So, doing "md5(md5($var));" isn't a good idea, but how about something like this?

md5(md5(substr($var, 0, 16)) . strlen($var));
I believe stuff like that is done quite often; would adding other 'random' (the substr() and strlen()) things to the hash make it more secure?
You didn't finish your sentence - more secure than what?

More secure than just md5($var)?

No. Here's why - it's predictable, and it's flawed. As Ambush Commander correctly pointed out, by testing various hashes, they can quickly find the pattern that you use to construct your hash. That's what a good hash prevents - it makes it challenging to determine a pattern from chaos.

Now, what you are trying to do mentally, is add "some more randomness to it". The proper way, in md5, is via a salt. A salt is an additional input that is also not known, that also doesn't follow a predictable pattern.

By doing so you improve a TINY part of the security - you make rainbow tables less useful.

However, with new md5 compromises being found daily, and with processing power growing *every* day, AND with a perfectly working sha256 implementation in PHP, and Javascript, there is literally no reason to keep using md5.

In other words, "Is it more secure than md5()? No. However, sha256 is MUCH more secure, so use it!"

And you can even use a salt with sha256 too. :)
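
The collision Ambush Commander quotes follows directly from Sander's construction, which feeds only the first 16 characters and the length into the hash. An added PHP example (not code from any poster in this thread; the function names and the `salt$digest` storage layout are assumptions, and it needs PHP 7.1 or later) showing that collision next to a salted SHA-256 over the whole input:

```php
<?php
// Added example, not from the thread. The two sample strings are the
// sentences quoted in Ambush Commander's post.

// Sander's construction: only the first 16 bytes and the total length
// ever reach the hash, so everything after byte 16 is ignored.
function truncated_md5(string $var): string
{
    return md5(md5(substr($var, 0, 16)) . strlen($var));
}

// Salted SHA-256 over the whole input. A fresh random salt is generated
// unless one is passed in; it is stored in front of the digest.
// (The "salt$digest" layout is an assumption made for this example.)
function salted_sha256(string $var, ?string $salt = null): string
{
    $salt = $salt ?? bin2hex(random_bytes(16));
    return $salt . '$' . hash('sha256', $salt . $var);
}

// Recompute with the stored salt and compare in constant time.
function verify_salted_sha256(string $var, string $stored): bool
{
    [$salt] = explode('$', $stored, 2);
    return hash_equals($stored, salted_sha256($var, $salt));
}

function report(string $label, bool $value): void
{
    echo str_pad($label, 46), $value ? 'yes' : 'no', PHP_EOL;
}

$a = 'BECAUSE OF THIS BUSINESS AGREEMENT YOU WILL PAY ME ONE DOLLARXXXXXXXXX.';
$b = 'BECAUSE OF THIS BUSINESS AGREEMENT YOU WILL PAY ME TEN BILLION DOLLARS.';

// Same first 16 bytes and same length, so the truncated form cannot tell them apart.
report('truncated_md5: a and b collide?', truncated_md5($a) === truncated_md5($b));
// Hashing the full input separates them.
report('sha256: a and b collide?', hash('sha256', $a) === hash('sha256', $b));

// Salting: the same input stored twice yields two different records,
// which is what makes a precomputed (rainbow) table less useful.
$first  = salted_sha256($a);
$second = salted_sha256($a);
report('two salted records of a identical?', $first === $second);
report('a verifies against its record?', verify_salted_sha256($a, $first));
report('b verifies against the record of a?', verify_salted_sha256($b, $first));
```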
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I fear we're starting to get into beating a dead horse, more than should be done normally....
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

feyd wrote:I fear we're starting to get into beating a dead horse, more than should be done normally....

Na, I'm still learning every time Roja posts. Thanks, Roja!
Sander
Forum Commoner
Posts: 38
Joined: Sat Aug 06, 2005 12:43 pm

Post by Sander »

I actually meant more secure than "md5(md5($var));", but I guess it also counts for "md5($var);" :)
Roja wrote:However, with new md5 compromises being found daily, and with processing power growing *every* day, AND with a perfectly working sha256 implementation in PHP, and Javascript, there is literally no reason to keep using md5.

In other words, "Is it more secure than md5()? No. However, sha256 is MUCH more secure, so use it!"

And you can even use a salt with sha256 too. :)
Other than Feyd his sha256 script, I can't find any sha256 implementation in PHP (no built in stuff, anyway).

So should I use Feyd his script, or something else?
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

You can use Feyd's script (I'm not aware of any alternatives), and eventually PHP should build in a sha256 function. We all should celebrate when that day comes, because PHP for stuff like this is just plain sloooooow (when compared to C++ implementations, etc.).
Last edited by Ambush Commander on Wed Aug 24, 2005 2:51 pm, edited 1 time in total.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Sander wrote:I actually meant more secure than "md5(md5($var));", but I guess it also counts for "md5($var);" :)
Yeah.
Sander wrote: Other than Feyd his sha256 script, I can't find any sha256 implementation in PHP (no built in stuff, anyway).

So should I use Feyd his script, or something else?
Definitely use Feyd's. I've used it in a number of scripts, and tested it against a fairly large number of sha256 reference implementations, to the tune of thousands of matches, so it's definitely solid.

Did I mention it's fast, well-written, and made by a member of OUR forums? :)

Yeah, it's solid stuff.
neophyte wrote:Na, I'm still learning every time Roja posts. Thanks, Roja!
I'm happy to help, but it is feeling a bit redundant.

In a nutshell, trying to find a more secure way to keep using a flawed algorithm is just a waste of time. No matter how much magic you throw into md5, the algorithm is flawed. Just use sha256. :)
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Sander wrote:So should I use Feyd his script, or something else?
You will soon hear a chorus of yes to use Feyd's sha256 implementation.

edit: gah, too slow Patrik his hands type today.
Sander
Forum Commoner
Posts: 38
Joined: Sat Aug 06, 2005 12:43 pm

Post by Sander »

Okidokie, Feyd his implementation it is :) Thanks for all the feedback guys (And, of course, thanks for Feyd for the great script :) )
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia

Post by shiznatix »

but can't feyd's script be just as easy to brute force as any other different type of encryption/hash? i mean when it comes to brute force there is no difference right?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you're welcome. As far as I know, it is the only platform independent, nonmodule implementation. I built it for speed, given the circumstances.

FYI, it was built in response to this thread: viewtopic.php?t=30797 and none of us finding a (suitable or not) implementation of it for php...

brute forcing mine will often take... a bit longer to get it.. provided your key's length is not known, and it is reasonably sized.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

shiznatix wrote:but can't feyd's script be just as easy to brute force as any other different type of encryption/hash? i mean when it comes to brute force there is no difference right?
There is a difference.

First, let's look at it "the long way" (also the wrong way.. I crack myself up):

(using the word "test"):
MD5 : 098f6bcd4621d373cade4e832627b4f6
SHA1: a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

See a difference? Imagine trying to guess every character in the first one, and then trying to guess every one in the second one. Which takes longer? Definitely SHA.

(Feyd's script is sha256, which is even LONGER!)

Of course, as I said, that's the wrong way to look at it. I'm cheating by looking at the output.

To be fair, a brute force on both runs against the INPUT, not the output. The input of both is the same..

But sha takes a *tiny* bit longer to process. For a user, you honestly cannot tell the difference.

For someone trying 2million+ entries? It adds up fast!

Let's say it's 0.1 second. Since most page generation in php/sql can be done in < 0.5s, and the variation (+/-) is about 0.1s, we can say that a user can't tell the difference.

But an attacker hits 0.1 seconds * 2 million times = 200,000 seconds. That's 55 hours, and that's a relatively small dictionary.

So yes, in every way, there is a big difference for the attacker in which hash function you use. :)
dallasx
Forum Contributor
Posts: 106
Joined: Thu Oct 20, 2005 4:55 pm
Location: California

Post by dallasx »

What if you md5 or sha1 a password 4 or 5 times before storing it? Or, maybe 500 times.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

dallasx, please re-read the thread
dallasx
Forum Contributor
Posts: 106
Joined: Thu Oct 20, 2005 4:55 pm
Location: California

Post by dallasx »

jshpro2 wrote:dallasx, please re-read the thread
Ahhhh, got it. I guess I tend to skip over things when I'm 11 beers deep. Thanks for pointing that out.