Hashs.
Moderator: General Moderators
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Hashs.
Are md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5 all hashes? If so how would I call them, and which one would be the more recent or "best" one to use?
Yes, theyre all hashing methods. There isn't necessarily a 'best' one to use, it just depends what you want to do with it. For example, for storing passwords in a database, it's common to store the MD5 hash. This is more secure than simply storing the plain-text password.
Hashing is one-way, which means that it can't (easily) be decrypted. When a user is logging in, you can't simply match the password he typed to the password in the DB. You check to see if the MD5 hash of what he typed matches the MD5 hash in the DB.
MD5 will always return a 32-character hash, no matter how long the input string is.
creating an md5 hash is easy:
Hashing is one-way, which means that it can't (easily) be decrypted. When a user is logging in, you can't simply match the password he typed to the password in the DB. You check to see if the MD5 hash of what he typed matches the MD5 hash in the DB.
MD5 will always return a 32-character hash, no matter how long the input string is.
creating an md5 hash is easy:
Code: Select all
$myString = "Hello World";
$myHash = md5($myString);
print $myHash;- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: Hashs.
Yes.tecktalkcm0391 wrote:Are ... all hashes?
Install the mhash extension, and then look at the documentation for use: http://us2.php.net/manual/en/ref.mhash.phptecktalkcm0391 wrote:If so how would I call them
More recent is almost always the opposite of best in the crypto world. Cryptology is based on math primarily, and in math, a 'proof' is only solid when it has been tested extensively for years. There are plenty of little "gotcha's" that can hide for a number of years without someone finding it.tecktalkcm0391 wrote:and which one would be the more recent or "best" one to use?
As an example, SHA-0 was used for a period of time before the NSA discovered a substantial weakness in it, and advised against its use. (They also helpfully pointed the community towards SHA-1).
There is no answer to "Which is the best". It depends on your needs, your requirements, the type of data, and more. Research each, until you find one that suits your needs.
However, there is an answer to which you SHOULDN'T use: According to Bruce Schneier (posting to sci.crypt, 12 Nov 1998), "GOST has a 256-bit key, but its key schedule is so weak that I would not use it as a hash function under any circumstances."
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Being a nitpicker, you can make a reverse lookup table for $secret + $salt, so they COULD work if you use a salt.The Ninja Space Goat wrote:Reverse lookups won't work if you use a salt.
Its just that storage, processing, and lookups in tables that large are computationally infeasible, so no one does it.
Yet.
Theres tons of tricks you could do to make yuor hash harder to reverse lookup. For example, salting, but what about double-hashing? for example:
Code: Select all
md5(md5($password).$salt);