What is MD5 or MD5sum?

requinix wrote (January 2014):
Please note that MD5 and SHA1 are no longer suitable algorithms for use with password hashing. Not even with salting. While this tutorial will remain for posterity, please look for a more recent tutorial on best practices for storing passwords.
It's an algorithm: a way to take a message of arbitrary length and produce a fixed 128-bit "fingerprint" or "message digest" of it (written as 32 hexadecimal characters). MD5 was designed as a way to verify data integrity. On these forums, it comes up fairly often in discussions about storing user passwords and other sensitive data.
Is MD5 encryption?
No. It is simply a one-way fingerprint of the message. The digest doesn't contain the original message, and there is no practical way to work backwards from the fingerprint (the md5sum) to the message: the only general method is to guess candidate messages, hash each one, and compare.
Okay, so you take a message - like a password - and generate an MD5sum from it. Can't you brute-force that?
Like any password system, you could attempt to brute-force it. Finding *some* input that produces a given 128-bit digest (a preimage) costs about 2^128 guesses for an ideal hash - that's over 3 with 38 zeroes after it. But note what that figure does and does not mean: an attacker who wants a user's password does not need to search the whole 128-bit space, only the much smaller space of passwords people actually choose, so the real cost is set by the password, not by the digest length (see the dictionary attack question below).
Neat! That's a lot. Are there any flaws in the algorithm that could speed it up?
A birthday attack looks for a collision: two different inputs that produce the same md5sum. Because the digest is only 128 bits, a generic search is expected to find a collision after about 2^64 attempts, far fewer than 2^128 but still a heck of a lot (and MD5's collision resistance has since been broken in practice, with collisions found in seconds). A collision does not help against stored passwords, though: the attacker needs an input that matches one *specific* stored digest, not two arbitrary inputs that happen to agree.
Okay. But couldn't (insert super-sneaky government agency here) build an md5 dictionary, and know what the password was with the md5?
Yes. It's entirely possible. However, it takes some work. For example, just for passwords of six characters drawn from the alphabet (upper and lower case) and the digits, there are 62^6, about 57 billion, entries; at 32 hex characters per digest that is roughly 1.8 terabytes to store and search before you even store the passwords themselves. It could be done - absolutely - and since this was written such precomputed tables have in fact been built and shared. The defence is a per-user random salt mixed into the input before hashing, so that a table built for unsalted md5sums is useless and the same password no longer produces the same digest for two users.
So it's hard to brute-force; what about dictionary attacks?
Dictionary attacks are a way of attacking poor passwords - most people use words in their passwords. If you can guess the word - for example, "love" - then you cut down the number of tries dramatically; if you guess right, the number of attempts is 1. Even without guessing, common computers at the time of writing (2003) manage roughly 5 million MD5 attempts per second, enough to try every 8-character alphanumeric password (62^8, about 2.2 x 10^14 candidates) in about 505 days. Modern GPUs compute billions of MD5 digests per second, which shrinks that to hours.
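The keyspace arithmetic and the dictionary attack above, as an added example that is not part of the original post. The "leaked" digest table and the wordlist are constructed here for illustration; a real attack uses wordlists of millions of entries. Note that the precomputation cost is paid once per word regardless of how many users are in the table, precisely because the digests are unsalted.

```php
<?php
// Added example (not from the original post): password guessing is a search
// of the password space, not of the 128-bit digest space, and unsalted MD5
// digests fall to a precomputed dictionary.

// Days needed to try every password of exactly $length characters drawn from
// $alphabetSize symbols at $rate guesses per second.
function brute_force_days(int $alphabetSize, int $length, float $rate): float
{
    $candidates = $alphabetSize ** $length;   // e.g. 62 ** 8 fits in a 64-bit int
    return $candidates / $rate / 86400;
}

// Constructed "leaked" table of unsalted digests, stored the way the
// tutorial's first snippet stores them. Two of the plaintexts are words.
$leaked = [
    'alice' => md5('love'),
    'bob'   => md5('password'),
    'carol' => md5('Tr0ub4dor&3'),   // constructed: not in the wordlist below
];

// Constructed, deliberately tiny wordlist.
$wordlist = ['123456', 'love', 'letmein', 'password', 'qwerty'];

// Returns user => recovered password for every digest found in the wordlist.
function dictionary_attack(array $digests, array $wordlist): array
{
    // One md5() per word, shared across all users: the cost of the attack
    // does not grow with the number of accounts when there is no salt.
    $table = [];
    foreach ($wordlist as $word) {
        $table[md5($word)] = $word;
    }

    $cracked = [];
    foreach ($digests as $user => $digest) {
        if (isset($table[$digest])) {
            $cracked[$user] = $table[$digest];
        }
    }
    return $cracked;
}

// Usage: the 2003 figures from the text (62 symbols, 8 characters, 5e6/s),
// the same search on a modern GPU rate, and the 128-bit space for contrast.
printf("62^8 at 5e6/s:   %.0f days\n", brute_force_days(62, 8, 5e6));
printf("62^8 at 1e10/s:  %.2f days\n", brute_force_days(62, 8, 1e10));
printf("2^128 at 5e6/s:  %.3g days\n", (2 ** 128) / 5e6 / 86400);
print_r(dictionary_attack($leaked, $wordlist));
```

The two dictionary words are recovered and carol's password is not, which is the whole argument for salting and for choosing passwords that are not in any wordlist. With a per-user salt, the `$table` lookup above would have to be rebuilt for every user, turning a single precomputation into one full run of the wordlist per account.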
That's pretty strong - but is there anything stronger?
A similar algorithm is SHA1, which produces a 160-bit digest. The larger digest raises the cost of generic brute-force and birthday attacks (2^160 and 2^80 respectively), although it does nothing about weak passwords. There are hashing algorithms stronger still, but MD5 and SHA1 are both built into PHP as md5() and sha1(), and at the time of writing (2003) were considered sufficient for most projects. Bear in mind the note at the top of this post: neither is suitable for password storage today.
All right - I'm sold. Tell me how to use it to store passwords and check them.
There are three things we are protecting: the stored password, the transmission of the password, and replay of the password. Each is very different. Let's start with the stored password. We take the password, hash it, and keep only the digest (here in a variable, in practice in the database). Then we hash what the user entered and check it against that digest:
Code:
$secret_password = md5("LOVE");   // in practice this digest comes from your database
$attempt = isset($_POST['password']) ? $_POST['password'] : '';
// Compare with ===, never ==: PHP's loose comparison treats two digests that
// look like 0e<digits> as the number zero and reports them equal.
if (md5($attempt) === $secret_password)
{
echo "Correct password";
} else {
echo "Incorrect password";
}

For the transmission of the password, the idea is to hash it in the browser with a JavaScript md5 function before the form is submitted, so the plaintext never crosses the wire and the server compares the digest it receives with the digest it stores:

Code:
$secret_password = md5("LOVE");
$attempt = isset($_POST['password']) ? $_POST['password'] : '';
// The browser already hashed the password, so compare digest to digest (strictly).
if ($attempt === $secret_password)
{
echo "Correct password";
} else {
echo "Incorrect password";
}

That still leaves replay: anyone who captures the submitted digest can simply send it again, because the digest has effectively become the password. The solution to that can be very complex and involved - the same site that provides the JavaScript md5 function goes into great detail discussing how to implement a truly secure solution. It's called a "CHAP" login system, and his page on it includes complete working PHP and JavaScript code to implement it.
MD5 is a very useful means to protect users' passwords online - if used correctly. It's not encryption, but because only digests are stored it limits the damage when a whole database of passwords is compromised.
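The three concerns above (storage, transmission, replay) worked through in one added example that is not part of the original post. The first part shows the two pitfalls in the snippets above, loose comparison and unsalted digests, alongside the fix; the second part is a challenge/response exchange in the CHAP style with both sides' messages. The exact scheme is an assumption for illustration, not the linked page's protocol: the server keeps secret = md5(password), sends a fresh random challenge, and the client answers md5(challenge . md5(password)). All function names are hypothetical. It needs PHP 7 (random_bytes) and uses hash_equals (PHP 5.6+).

```php
<?php
// Added example, not from the original post: storing and checking password
// digests without the pitfalls of the snippets above, then a CHAP-style
// challenge/response to show why a captured response cannot be replayed.

// --- Storage and checking --------------------------------------------------

// Pitfall 1: PHP's loose == compares two numeric-looking strings as numbers.
// Digests of the form 0e<digits> are all the number zero, so two different
// passwords compare as "equal". md5('240610708') and md5('QNKCDZO') are
// well-known examples of such digests; this function returns the result of
// comparing them loosely.
function loose_compare_is_unsafe(): bool
{
    return md5('240610708') == md5('QNKCDZO');
}

// Pitfall 2: an unsalted digest is identical for every user with the same
// password and can be looked up in a precomputed table. Storing a random
// per-user salt beside the digest defeats that.
function make_record(string $password): array
{
    $salt = bin2hex(random_bytes(16));          // 128-bit random salt as hex
    return ['salt' => $salt, 'digest' => md5($salt . $password)];
}

function check_password(array $record, string $attempt): bool
{
    $digest = md5($record['salt'] . $attempt);
    // hash_equals() is strict (no type juggling) and constant-time.
    return hash_equals($record['digest'], $digest);
}

// --- Transmission and replay: a CHAP-style exchange ------------------------
// Assumed scheme for illustration: server stores secret = md5(password);
// server -> client: challenge (fresh random nonce);
// client -> server: response = md5(challenge . md5(password)).
// The plaintext password never travels, and a response is bound to its
// challenge, so replaying it against a new challenge fails.

function server_challenge(): string
{
    return bin2hex(random_bytes(16));
}

function client_response(string $challenge, string $password): string
{
    return md5($challenge . md5($password));
}

function server_verify(string $challenge, string $response, string $storedSecret): bool
{
    return hash_equals(md5($challenge . $storedSecret), $response);
}

// Usage
$record = make_record('LOVE');
var_dump(check_password($record, 'LOVE'));     // correct password
var_dump(check_password($record, 'love'));     // wrong case
var_dump(loose_compare_is_unsafe());           // the == pitfall

$secret = md5('LOVE');                         // what the server stores for CHAP
$c1 = server_challenge();
$r1 = client_response($c1, 'LOVE');
var_dump(server_verify($c1, $r1, $secret));    // genuine login
$c2 = server_challenge();
var_dump(server_verify($c2, $r1, $secret));    // same response replayed
```

Two caveats a practitioner should keep in mind. First, in the CHAP part the server's stored secret, md5(password), is itself enough to answer any challenge, so a leaked database is as good as the passwords for that site, and because that secret is unsalted it is also exposed to the dictionary attack discussed earlier; the scheme protects the wire, not the database. Second, salting makes precomputed tables useless but does not slow down guessing against one account, which is why the 2014 note above points to purpose-built password hashing (PHP's password_hash()) rather than any salted MD5 or SHA1 construction.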
Good reading:
The PHP manual page for MD5
The PHP manual page for SHA1 (similar, but stronger algorithm)
RSA's explanation of MD2/4 and MD5
-------------
Roja