PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Post new topic Reply to topic  [ 46 posts ]  Go to page 1, 2, 3, 4  Next
PostPosted: Mon Aug 22, 2005 2:38 am 
DevNet Master

Joined: Thu Aug 15, 2002 5:53 am
Posts: 4235
Location: Sussex, UK
"But, but, but...MD5 is encryption, right?" Nope, it's not. It's a hashed string. And it can easily be brute-forced, now more easily than ever.

slashdot wrote:
"Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!"

Source: http://it.slashdot.org/article.pl?sid=05/08/21/1946254

If you still rely on MD5 for any kind of security: don't. SHA1 has been cracked as well, so your best bet is using PHP's crypt() function (and not using its MD5 hashing).


PostPosted: Mon Aug 22, 2005 2:48 am 
DevNet Resident

Joined: Sat Dec 06, 2003 10:52 pm
Posts: 1679
Location: Mumbai, India
I thought for hashed strings there's no key, so how can it be reversed?


PostPosted: Mon Aug 22, 2005 2:51 am 
DevNet Master

Joined: Thu Aug 15, 2002 5:53 am
Posts: 4235
Location: Sussex, UK
They can be brute forced which renders the whole process of MD5'ing utterly pointless. Example: go to http://gdataonline.com/seekhash.php and enter "46ebfdc1519946f436cd1081b525d98f" into the input field.


PostPosted: Mon Aug 22, 2005 3:19 am 
DevNet Resident

Joined: Sat Dec 06, 2003 10:52 pm
Posts: 1679
Location: Mumbai, India
Yours gives "iceberg". 0cc175b9c0f1b6a831c399e269772661 gives "a".
But all the others I've entered return ????.
Is there code running constantly that's cracking them one by one and storing them in the database?


PostPosted: Mon Aug 22, 2005 3:20 am 
DevNet Master

Joined: Thu Aug 15, 2002 5:53 am
Posts: 4235
Location: Sussex, UK
anjanesh wrote:
Yours gives "iceberg". 0cc175b9c0f1b6a831c399e269772661 gives "a".
But all the others I've entered return ????.
Is there code running constantly that's cracking them one by one and storing them in the database?


Yup. See my original post above.


PostPosted: Mon Aug 22, 2005 3:28 am 
Forum Contributor

Joined: Fri Jun 18, 2004 3:04 am
Posts: 120
If you choose a random password it takes a lot longer than .04 seconds to break it.
To be able to break every hash computed by MD5, such a database would need 2^128 entries, and that number dwarfs the 12 million in the GDataOnline database.


PostPosted: Mon Aug 22, 2005 3:32 am 
DevNet Resident

Joined: Sat Dec 06, 2003 10:52 pm
Posts: 1679
Location: Mumbai, India
How is this possible? There are too many combinations of letters. How can they ultimately have every combination of words?


PostPosted: Mon Aug 22, 2005 3:42 am 
DevNet Master

Joined: Thu Aug 15, 2002 5:53 am
Posts: 4235
Location: Sussex, UK
Not they - anyone. That's just an online database containing hashes and the corresponding sequence of characters. See http://en.wikipedia.org/wiki/Dictionary_attack
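As an added illustration (not code from the thread or from the GDataOnline site), this is the whole mechanism behind a lookup site like the one linked above: hash a wordlist once, store digest => word, and answer each query with an array lookup. Nothing is reversed. The wordlist below is constructed and deliberately tiny; the function names are mine, and the code uses PHP 7.1+ syntax. The second query is the hash patrikG posted; the thread reports it resolves to "iceberg", so that word is in the list.

```php
<?php
// Added example: a minimal precomputed MD5 lookup table (dictionary attack).
// Real tables hold millions of entries, including case and digit mutations.

// Constructed wordlist for the demonstration.
$wordlist = ['a', 'password', 'iceberg', 'letmein', 'qwerty', 'Password1'];

/**
 * Build the table: md5 hex digest => plaintext.
 * This is the expensive step, and it is done once, ahead of time.
 */
function build_md5_table(array $words): array
{
    $table = [];
    foreach ($words as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

/**
 * Answer a query with a single array lookup; no hashing happens at query time.
 * Returns null when the digest was never stored, which is the "????" anjanesh saw.
 */
function lookup_md5(array $table, string $digest): ?string
{
    $digest = strtolower(trim($digest));
    return $table[$digest] ?? null;
}

$table = build_md5_table($wordlist);

$queries = [
    '0cc175b9c0f1b6a831c399e269772661',  // md5("a"), as posted in the thread
    '46ebfdc1519946f436cd1081b525d98f',  // patrikG's hash; the thread reports "iceberg"
    md5('password'),                     // in the list: found instantly
    md5('correct horse battery staple'), // not in the list: lookup fails
];

foreach ($queries as $q) {
    $hit = lookup_md5($table, $q);
    printf("%s => %s\n", $q, $hit === null ? '????' : $hit);
}
```

The lookup is O(1) regardless of the table size, which is why the site can quote a crack time of fractions of a second: the cost was paid when the table was built. Any hash that is computed directly over the password, with no per-user salt, can be attacked this way, whatever the algorithm.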


PostPosted: Mon Aug 22, 2005 3:48 am 
DevNet Resident

Joined: Sat Dec 06, 2003 10:52 pm
Posts: 1679
Location: Mumbai, India
I saw the link: add words.
So it's like they're accepting words to add to their database along with the hash value.

I thought some code was actually figuring out the word from the hash key.


PostPosted: Mon Aug 22, 2005 5:42 am 
DevNet Resident

Joined: Tue Nov 18, 2003 2:09 pm
Posts: 1826
Location: Middlesbrough, UK
They still need to get hold of the MD5 string so they can convert it.

So once again, build a secure system and you'll be safe, i.e. don't log in as root on the database :roll:


PostPosted: Mon Aug 22, 2005 5:56 am 
DevNet Master

Joined: Thu Aug 15, 2002 5:53 am
Posts: 4235
Location: Sussex, UK
malcolmboston wrote:
So once again, build a secure system and you'll be safe, i.e. don't log in as root on the database :roll:


Not quite sure what you mean.

Regarding MD5: a very common pitfall is that most people use very simple passwords. On a shared server (and database), simply MD5-ing a users password is a security hole. But that's just one of many.


PostPosted: Mon Aug 22, 2005 6:41 am 
Tutorials Group

Joined: Sun Jan 04, 2004 11:30 pm
Posts: 2692
patrikG wrote:
If you still rely on MD5 for any kind of security: don't. SHA1 has been cracked as well, so your best bet is using PHP's crypt() function (and not use it's MD5 hashing).

The phrase "Cracked" is really misleading here.

Let's get specific about what has happened.

In the last two years, a series of papers have found formulas and algorithms that reduce the crypto strength of both MD5 and SHA1. What does that mean, for a programmer?

When you choose a hash function, you want two things: One to many representation of data, and minimal collision likelihood. Collisions are a precise way of saying "two inputs have the same output".

Few collisions are what make hashes great for file verification (like CDROM iso images), because it allows you to make an MD5sum of the contents of the CD, and verify that nothing has changed.

What the papers have shown is that there is a higher likelihood of collisions than previously expected.

The understanding up until two years ago was that md5 had a collision likelihood of roughly 2^128. With the recent findings (see http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf ), the likelihood has dropped to roughly 2^43, thousands of times faster. That likelihood does require that the plaintext input is known.

So what it means to a programmer is that there is more of a chance that ISO1 == ISO2, even though they may be different.

That's only a serious issue in a few situations. Obviously, in ISO verification, it's a serious problem - an attacker can now generate an ISO that has trojans on it, but ensure that its md5sum matches the one posted on a website. (That's how you usually verify an ISO, for example, most Linux distributions).

However - it doesn't mean that md5 is useless, worthless, or insecure. It means that it is *less* secure.

For password hashing, md5 still has some value. While 2^43 is considerably less than 2^128, it's still far better than plaintext. It's quick, it can replace cleartext storage and transmission, and is still verifiable (although collisions may be possible).

The website PatrikG posted stores lists of known input->output pairs, to allow bruteforcing to be far faster. That means that password hashing (on md5) using common passwords can be even less secure, because now it just requires a lookup.

That can be done on *any* hashing function - md5, sha, des, etc.

So what can you do to be secure? PatrikG recommends crypt, which I disagree with. Crypt gives you 4 choices: DES with 2 character salt, DES with 9 character salt, MD5, and Blowfish. Both DES options have less cryptographic strength than md5 - even at the lower collision count reported in the latest papers. We've already discussed why md5 is less than ideal, which leaves blowfish.

Blowfish isn't terrible, and there haven't been substantial new attacks found against it. But it's considerably less secure than (for example) SHA-256, which has more combinations possible.

While the SHA family has had some recent findings, none of them substantially reduces the overall complexity below MD5, DES, or Blowfish. SHA-256 is still considerably stronger than all of them.

Since Feyd posted a fantastic SHA256 implementation in PHP here on the forums, and there are existing SHA256 implementations in Javascript, it's honestly the best option for secure hashing today.

Using MD5 to hash a users password is not a security hole. Using SHA to hash it isn't either. Neither has been cracked. All of the papers and websites simply show that they are not as secure as we once thought, which is a long way from saying they are useless.

I hope that clears up some of the confusion.
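An added example (my code, not Roja's, patrikG's or anything posted on the forum) of what crypt()'s Blowfish scheme gives you that a bare md5() or an unsalted SHA-256 does not. Roja's point that the lookup attack "can be done on *any* hashing function" is the one to hold onto: the thing that defeats a precomputed table is the per-user salt, and the thing that slows down brute force is the work factor, neither of which a plain digest call provides. Assumptions: PHP 7.0+ (random_bytes, hash_equals), the $2y$ Blowfish identifier (available since PHP 5.3.7), a cost of 10, and function names of my choosing.

```php
<?php
// Added example: salted, iterated password hashing via crypt() Blowfish,
// next to the unsalted digests discussed in the thread.

/**
 * 22-character salt drawn from the "./0-9A-Za-z" alphabet that crypt()'s
 * Blowfish scheme expects. base64 uses '+' where crypt() wants '.'.
 */
function blowfish_salt(): string
{
    return substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
}

/**
 * Hash a password with crypt() Blowfish. $cost is the log2 work factor
 * (10 => 2^10 iterations of the key schedule); raise it as hardware gets faster.
 * The returned string embeds scheme, cost and salt, so that is all you store.
 */
function hash_password(string $password, int $cost = 10): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('Blowfish cost must be between 4 and 31');
    }
    $setting = sprintf('$2y$%02d$%s', $cost, blowfish_salt());
    $hash = crypt($password, $setting);
    // crypt() reports an unsupported or malformed setting with a short string such as "*0"
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not produce a Blowfish hash');
    }
    return $hash;
}

/**
 * Verify by re-running crypt() with the stored value as the setting string:
 * crypt() reads the salt and cost back out of it. hash_equals() is constant-time.
 */
function verify_password(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

/**
 * Unsalted SHA-256 of the password. Stronger digest than MD5, but the same
 * input always yields the same output, so one precomputed table serves an
 * attacker against every user in every database that stores it this way.
 */
function sha256_unsalted(string $password): string
{
    return hash('sha256', $password);
}

// Two users who picked the same weak password.
$h1 = hash_password('password');
$h2 = hash_password('password');

echo "bare md5:        ", md5('password'), "\n";
echo "unsalted sha256: ", sha256_unsalted('password'), "\n";
echo "blowfish user 1: ", $h1, "\n";
echo "blowfish user 2: ", $h2, "\n";

// Different salt, different string: a table built against user 1 says nothing about user 2.
var_dump($h1 !== $h2);
var_dump(verify_password('password', $h1));
var_dump(verify_password('Password', $h1));
```

The two md5/sha256 lines are identical for every user who chose "password", which is exactly the property a lookup site exploits; the two Blowfish lines differ from each other and from any table built in advance. On PHP 5.5 and later, password_hash() and password_verify() wrap the same crypt() Blowfish call with the salt generation and validation handled for you.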


PostPosted: Mon Aug 22, 2005 6:49 am 
Forum Contributor

Joined: Tue Nov 02, 2004 2:49 am
Posts: 119
Location: South Africa
patrikG wrote:
Regarding MD5: a very common pitfall is that most people use very simple passwords. On a shared server (and database), simply MD5-ing a users password is a security hole. But that's just one of many.


It is nice to have rules / policies governing password creation.
i.e. Must have:
    numbers
    letters
    lowercase
    uppercase
    symbols
    non dictionary words
    not be derived from the username
    etc.


PostPosted: Mon Aug 22, 2005 6:58 am 
DevNet Master

Joined: Thu Aug 15, 2002 5:53 am
Posts: 4235
Location: Sussex, UK
Roja wrote:
PatrikG recommends crypt, which I disagree with. Crypt gives you 4 choices: DES with 2 character salt, DES with 9 character salt, MD5, and Blowfish. Both DES options have less cryptographic strength than md5 - even at the lower collision count reported in the latest papers. We've already discussed why md5 is less than ideal, which leaves blowfish.


I should have been more specific. Thanks for clarifying and elaborating on this.


PostPosted: Mon Aug 22, 2005 8:38 am 
Site Admin

Joined: Tue Dec 23, 2003 3:10 am
Posts: 11470
Location: Toronto
Argh, I never let users choose their password. I usually generate a 6-8 character alphanumeric, case-sensitive string.

