PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Thu Oct 19, 2017 6:58 pm

All times are UTC - 5 hours




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 
Author Message
 Post subject: MD5 Tutorial
PostPosted: Tue Aug 31, 2004 3:18 pm 
Offline
Tutorials Group

Joined: Sun Jan 04, 2004 11:30 pm
Posts: 2692
requinix wrote:
January 2014:

Please note that MD5 and SHA1 are no longer suitable algorithms for use with password hashing. Not even with salting. While this tutorial will remain for posterity, please look for a more recent tutorial on best practices for storing passwords.


What is MD5 or MD5sum?

Its a formula - a way to take a message of an arbitrary length, and create a 128-bit "fingerprint" or "message digest" of the message. MD5 is a way to verify data integrity. On these forums, it comes up fairly often in discussions about storing user passwords and other sensitive data.

Is MD5 encryption?

No. It is simply a one-way fingerprint of the message. It doesn't include the original message, and you can't (generally) use the fingerprint (the md5sum) to 'figure out' the original message.

Okay, so you take a message - like a password - and generate an MD5sum from it.. Can't you brute-force that?

Like any password system, you could attempt to brute force the answer. However, MD5sum's are in a 128-bit space, meaning that to brute force it would take 2^128 attempts - thats over 3 with 38 zeroes after it.

Neat! Thats a lot. Are there any flaws in the algorithm that could speed it up?

A birthday attack is based on the theory that there *might* be *one* md5sum that matches multiple inputs. In theory, it is possible that a "birthday" attack could be possible - two md5sum hashes could be the same. But even then, the total number of brute forces is at 2^64 attempts - still a heck of a lot.

Okay. But couldn't (insert super-sneaky government agency here) build an md5 dictionary, and know what the password was with the md5?

Yes. Its entirely possible. However - it would take some work to do so. For example, just for a dictionary consisting of Alphabet letters (upper and lower), and numbers, there would be 46,656,000,000 entries - all at 32 characters each. Thats over 1 terabyte of data to store and search! It could be done - absolutely. But is it likely?

So its hard to brute force, what about dictionary attacks?

Dictionary attacks are a way of attacking poor passwords - most people use words in their passwords. If you can guess the word - for example, "love", then you can cut down the number of tries it would take. Of course if you guess right, then your # of attacks = 1. However, in general, using common computers as of the writing of this (2003), you can generally get roughly 5 million attacks per second, or fast enough to guess all 8-character Alphanumericals within 497 days.

Thats pretty strong - but is there anything stronger?

A similar method is SHA1 - a more secure 160-bit hashing algorithm. That makes it *much* more secure against brute-force, birthday attacks, and other forms of assault. There are yet more hashing algorithms that are even stronger - but MD5 and SHA1 are both natively supported in the latest PHP, and should be sufficient for most projects.

Allright - I'm sold. Tell me how to use it to store passwords and check them

There are three things we are protecting against - the stored passwords, the transmission of the passwords, and the replay of the password. Each is very different. Lets start with the stored password. We need to take a password, and store it in a variable. Then we need to check that variable against what the user entered:

Syntax: [ Download ] [ Hide ]
$secret_password = md5("LOVE");

if (md5($_POST['password']) == $secret_password)
{
    echo "Correct password";

} else {

    echo "Incorrect password";
}


Simple enough. However, the password is being sent cleartext in $_POST['password']. Which brings us to another thing to protect against - the cleartext transmission. Thankfully, there is an opensource (GPL'd) javascript MD5 implementation available online. If you use that javascript library to md5 the password before sending it, the server code would look like this instead:

Syntax: [ Download ] [ Hide ]
$secret_password = md5("LOVE");

if ($_POST['password'] == $secret_password)
{
    echo "Correct password";

} else {

    echo "Incorrect password";
}


Again, fairly simple. However, I mentioned the other problem - replay attacks. If someone could manage to 'sniff' the connection, and capture the md5sum, they could simply use that to login!

The solution to that can be very complex and involved - the same site for the javascript md5 function goes into great detail discussing how to implement a truly secure solution. It's called a "CHAP" login system, and here is a link to his page on it - including complete working PHP and javascript code to implement it.

MD5 is a very useful means to protect user's passwords online - if used correctly. Its not encryption, but it does help prevent whole databases of passwords being compromised.

Good reading:

The PHP manual page for MD5
The PHP manual page for SHA1 (similar, but stronger algorithm)
RSA's explanation of MD2/4 and MD5

-------------
Roja


Top
 Profile  
 
 Post subject:
PostPosted: Tue Aug 31, 2004 4:50 pm 
Offline
Forum Commoner

Joined: Thu Aug 05, 2004 9:35 pm
Posts: 26
Great tutorial. Just what a client was looking for.


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Thu Oct 07, 2010 1:09 am 
Offline
Forum Newbie

Joined: Mon Sep 20, 2010 1:20 am
Posts: 12
thanks for you tutorial. And i finally know the difference between MD5 and SHA1 algorithm.


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Sun Nov 21, 2010 8:15 pm 
Offline
Forum Newbie

Joined: Fri Nov 19, 2010 10:19 pm
Posts: 5
thank you. I can't wait to write a login system :)


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Tue Nov 22, 2011 4:55 am 
Offline
Forum Contributor

Joined: Mon Nov 21, 2011 4:40 am
Posts: 142
Just remember that power of CPUs increased over the years :) this topic is from 2004. Its quite easy to produce 250M hash/sec with help of low-end GPU. With some better HW you could get 1000x /s more :)

http://codahale.com/how-to-safely-store-a-password/


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Thu Dec 08, 2011 5:03 pm 
Offline
DevNet Master
User avatar

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
Good point maxx99; since this tutorial was created md5 has been 'broken' and is not secure for hashing passwords anymore


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Tue Nov 26, 2013 1:54 am 
Offline
Forum Newbie

Joined: Mon Oct 28, 2013 12:19 am
Posts: 16
This tutorial is very helpful on password hashing.

viewtopic.php?f=28&t=135287

Thanks to the authors Celauran and social-experiment.


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Thu Jan 16, 2014 10:28 pm 
Offline
Forum Newbie
User avatar

Joined: Thu Jan 16, 2014 10:14 pm
Posts: 2
Location: New York City, NY
Wonderful tutorial, Roja - Just what I'm looking for.

Cheers!
Absinthe42


Top
 Profile  
 
 Post subject: Re: MD5 Tutorial
PostPosted: Mon Apr 21, 2014 6:36 am 
Offline
Forum Commoner

Joined: Thu Oct 10, 2013 8:40 am
Posts: 26
Location: Manchester
Thank you for sharing this wonderful tutorial.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 9 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group