more secure md5() ?


Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas

Post by Pyrite »

Still, the point of MD5 is not encryption or security. Even though most php'ers use it for that purpose. The point is that it creates an exact signature of a string or file that is useful for comparison (i.e. check what the user inputs against what is in the db / or check a file downloaded from a mirror site with an md5 hash of the original file to see if it has changed or been tampered with). Security is more important to look at on the server, the network, the client or the db server.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I wasn't disagreeing with you. I simply wanted to illustrate the differences from MD5 to SHA256.

True though, their intention is to signature larger data sets. Although hashing is technically a form of encryption because a compression algorithm is performed on the data... although I don't like to consider it encryption. :)
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas

Post by Pyrite »

feyd wrote: Although hashing is technically a form of encryption because a compression algorithm is performed on the data... although I don't like to consider it encryption. :)
So does that mean that Zip, RAR and JPEG are encryption too? Surely not! :D

I wasn't disagreeing with you though, was simply stating for the others. If you like, check out RFC1321 for what MD5 exactly is.

http://www.faqs.org/rfcs/rfc1321.html
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Excluding JPEG because it's an interchange format, they are. Compression is a kind of encryption.
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas

Post by Pyrite »

I hate to disagree, maybe you can point me in the direction of your source instead?
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

feyd wrote: Although hashing is technically a form of encryption because a compression algorithm is performed on the data...
Compression != encryption.

A cheap definition of encryption could be "The act of altering data to make it unreadable unless you know how to decrypt it".

Merely compressing something doesn't make it encrypted, and in fact, a hash isn't even truly compression (it loses the content, giving a unique representation of the data - NOT a smaller version of the same data).

Some other misconceptions.. MD5 is no longer considered secure - in crypto circles.

Cryptology is all relative. So, for example, previously, md5 had a brute-force time in the months-long range. Now, based on the latest findings, it's been reduced to under 8 hours using a standard desktop. That's a severe break!

Now factor in that some attackers have botnets in the 1,000 computer range, and suddenly, it's a very serious issue for sites that require "trust".

SHA1 has also had some hits lately, although not nearly as dramatic, they also reduced the brute-force time a substantial amount.

What does this mean for a php developer? Well, let's take a forum, or an online game. The users' passwords are hashed, and the hash is stored.

If an attacker were able to get that list of hashes, previously, it would have been nearly useless - it would have taken months for EACH hash to be brute-forced. Now, however, with even a few computers, in a matter of 3-4 days, the attacker can have the vast majority of the passwords!

When you consider that most people re-use passwords, suddenly, even a simple online game or forum becomes a valuable target. What if the user reused that password on ebay? Or his bank?

The point is, if you are choosing to hash a password, you care about security. If you care about security, don't give people a false sense of security. Their online lives may be compromised by your shortcuts!!

Right now, SHA-256 is considered secure for the foreseeable future. Several threads have posted a php version and a javascript version, which is all you need to implement both ends of a fairly secure login system.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

php_wiz_kid wrote: I usually just MD5 it once. I doubt someone will go to the lengths to either unhash or bruteforce your password unless your site has a lot of sensitive information. If your site is high traffic or you expect there to be high traffic then I'd use MD5 rather than SHA256 because of execution speed. If your site is an internal application and only works over an intranet or it's a low traffic site then SHA256 might be a consideration if you're really wanting to keep passwords protected. Just keep in mind that it would take a while to bruteforce a 64-bit password. I find MD5 to be rather secure.
First, the SHA256 function posted in another thread is only 1.2% slower than sha1, and only 9% slower than the native md5() function from php. The fact that all three are in the less-than-1/4-a-second range on a 1ghz machine, it starts to be silly to say "it's slower". The execution time is really a trivial difference. You'd be better off working on trimming some SQL calls. :)

As to "I find MD5 to be rather secure" - The latest finding shows that it takes 8 hours on a 1.6ghz desktop to brute force a given md5. That's *not* secure.

As to "I doubt someone will go to the lengths to either unhash or bruteforce your password unless your site has a lot of sensitive information", *all sites do*. Even a trivial game or forum online is likely to have at least a few users who reuse their passwords and usernames on other sites - sensitive sites, with valuable information.

Combine the relatively weak security on a forum (phpbb, ipb, etc), with the likely chance that a user used the same password and username on a tight security website (bank, ebay), and suddenly, it becomes very worthwhile for an attacker.
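
The concern raised in Roja's two posts above, a leaked table of fast, unsalted password hashes, shown beside a salted, slow replacement with a login-time migration path. This is an added example, not code from the thread or from any poster; it assumes PHP 7.1+ and its built-in password API, and the function names and sample users are constructed for illustration.

```php
<?php
// Added example; function names and sample data are constructed.

// Legacy scheme discussed in the thread: one unsalted, fast hash per password.
function legacy_store(string $password): string {
    return md5($password);
}

// Replacement: salted, deliberately slow hash from PHP's password API.
function modern_store(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login against either stored format.
// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored
// value should be replaced (legacy md5 row, or outdated cost/algorithm).
function verify_and_upgrade(string $password, string $stored): array {
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    if ($isLegacy) {
        // Constant-time comparison of the legacy digest.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? modern_store($password) : null];
    }
    $ok = password_verify($password, $stored);
    $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $rehash ? modern_store($password) : null];
}

// Constructed sample rows: two users who picked the same password.
$users = ['alice' => legacy_store('hunter2'), 'bob' => legacy_store('hunter2')];

// Unsalted: equal passwords show up as equal rows in a leaked table.
var_dump($users['alice'] === $users['bob']);

// Salted: hashing the same password twice gives two different stored values.
var_dump(modern_store('hunter2') === modern_store('hunter2'));

// Login-time migration: a correct password on a legacy row yields a new hash.
[$ok, $new] = verify_and_upgrade('hunter2', $users['alice']);
if ($ok && $new !== null) {
    $users['alice'] = $new; // persist this in place of the md5 value
}
var_dump($ok, password_verify('hunter2', $users['alice']));

// A wrong password is rejected and nothing is rewritten.
[$ok, $new] = verify_and_upgrade('wrong', $users['bob']);
var_dump($ok, $new);
```

Because the plaintext is only available at login, legacy rows are upgraded one user at a time as each person next signs in.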
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas

Post by Pyrite »

I agree, and from the MD5 rfc, it shows that the author's intention was to only make a signature of data with MD5 and then encrypt it using a public-key system, a two part process.

The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

I really need to read up on good security.

This thread has been very interesting.... especially some of the points put forward by Roja :D
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

It is possible to utilise hashing to secure password transmission - and you can make a secondary check to bypass javascript supported hashing for clients with js disabled - just make sure the form still allows sending of the plain text password if js is disabled - or fails.

You can see an example of such a process here: http://www.sanisoft.com/phplib/manual/auth_Response.php
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

your points are great...thanks guys....overall....what do you recommend?
SHA1()?SHA256()?MD5()?PASSWORD()?....anything else?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

SHA256 > SHA1 > MD5

Do not use PASSWORD(). Remember though, SHA256 is not built into any of the systems yet. So you can't call it in a query string, it must be processed in code.
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

ok feyd, thanks a lot....where can i find the complete SHA256()?
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India

Post by n00b Saibot »

Feyd already has that down for us here :arrow: SHA256 :)
pleigh
Forum Contributor
Posts: 445
Joined: Wed Jan 19, 2005 4:26 am

Post by pleigh »

what version in feyd's sha256() should i use? is it enough to use the last thread of feyd?