Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts

    128bit MD5 Encryption

    Can someone with good PHP knowledge evaluate this code? I'm not sure if it is even better, and how if possible could it work for single strings?

    PHP Code:

    // The function:

    function AuthenticMD5($username$password

        
    $one $username;
        
    $two $password;
        
    $thr $one $two;
        
    $fou $thr $one;
        
    $fiv $fou $one
        
    $six $thr $thr;$sev $one $two $thr $one
        
    $md1 md5$sev $two md5($one $fiv md5($sev strrev$sev)))); 
        
    $md2 md5$md1 md5$one $thr $fou md5$sev $md1))); 
        
    $md3 md5$md2 md5($md1)); 
        
    $md4 md5$md3 $md1 $md2 md5($sev)); 
        return 
    $md2 $md1$md4 md5($md3 $md2); 

    From what it looks like it creates a single hash out of a username and password.
    Last edited by Element; 01-06-2006 at 09:05 AM.

  • #2
    Regular Coder ralph l mayo's Avatar
    Join Date
    Nov 2005
    Posts
    951
    Thanks
    1
    Thanked 31 Times in 29 Posts
    I don't know if it's worth using or not, but you can def. use it with only one term by splitting it in half, ie. AuthenticMD5('pass', 'word')

    bonus utility function:
    PHP Code:
    function callMD5ThingWithOnlyOneTerm($term)
    {
        return(
    AuthenticMD5($firsthalf substr($term0, ($begin = (int) strlen($term) / 2)), substr($term$beginstrlen($term) -strlen($firsthalf))));


  • #3
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,073
    Thanks
    11
    Thanked 98 Times in 96 Posts
    Thats probably the daftest function I have seen for a long time.
    MD5 issues are with collisions which are mostly brute forced so 1 random hash is unlikely better than another ~
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #4
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    well from what I read its suppose to be better... md5() is 32bit, and AuthenticMD5() is 128bit.... doesn't that make a differense in any way?

  • #5
    New Coder
    Join Date
    Sep 2005
    Posts
    56
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Urmm I'm a bt confused!

  • #6
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    ...? And who are you...?

  • #7
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,073
    Thanks
    11
    Thanked 98 Times in 96 Posts
    well from what I read its suppose to be better... md5() is 32bit,
    MD5 produces a 32 digit hexadecimal number not a 32bit hash (each 2 digits = a hex number) , 32/2 = 16, 16 X 8 = 128 bit

    The longer a hash is the safer it is, but adding strings together does not make a true hash, just a bigger string.

    So for brute force attacks a 128 character string is going to be harder to brute than a 32 character string, no arguments there.

    but all the shenanigans in the function are pretty pointless imo & I have seen other functions with many many more calculations designed to make the string more secure but which too ignore the underlying point of MD5 which is that MD5 cannot be 'decrypted' , it can be brute-forced but at that point ANY random string is as secure and as insecure (from collisions) as another.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •