  #1  
Old 04-01-2011
Member
 
Join Date: Sep 2010
Posts: 26
Secure MD5 hashing in PHP

I think I'm in the right forum to post this now. I have recently read on the Internet that an MD5 hash of a password is probably not so secure. Now I'm looking for a solution for a more secure password. I was thinking of something like this:
PHP Code:
$server = $_SERVER['SERVER_NAME'];
$password = 'password';

// Generate md5 hash from servername
$s_hash = md5($server);

// Wrap the password's md5 hash in two pieces of the server-name hash
$password = substr($s_hash, 15) . md5($password) . substr($s_hash, 16);

echo sha1($password);
Is this safe enough? What do you think? Please suggest something if you have anything else in mind.
  #2  
Old 04-01-2011
Member
 
Join Date: Oct 2008
Posts: 167
Re: Secure MD5 hashing in PHP

In my opinion, the only problem with md5 hashes is that there are already very large rainbow tables for them. These are tables where you can look up the hash for a particular (or a) password. However, it helps to "salt" the whole thing, as you already do in principle: just search for md5 + salt. I am sure that you will get some help from it. I would also suggest a different salt for each application:
PHP Code:
<?php
class User extends UserGen {
    // Application-wide salt, prepended to every password before hashing
    const HASH_SALT = "2%&$/9862fgncqit#+-?p#-.";

    public static function HashPassword($password) {
        return md5(serialize(array(self::HASH_SALT, $password)));
    }
}
?>
  #3  
Old 04-01-2011
Member
 
Join Date: Dec 2008
Posts: 202
Re: Secure MD5 hashing in PHP

Yes, there are ways to calculate md5 hashes backward. This mostly just means that one "finds" a string that yields the same hash. To do that you need more or less complex algorithms and, above all, processing power. For that you need to be a bit more of a criminal than a script kiddie. Conclusion: md5() is fine without anything further if the application is secure in itself and has no barn doors left open. If you feel insecure because several people have access to the DB and/or the password hashes, you can use sha1() or, better, the following:
PHP Code:
<?php
$Password = 'mypass';
$PasswordSalt = '$2a$my$alt';
crypt($Password, $PasswordSalt);
?>
If you use a dynamic salt, which can change over time, you're absolutely safe.
  #4  
Old 04-01-2011
Member
 
Join Date: Jan 2006
Posts: 211
Re: Secure MD5 hashing in PHP

For SHA1 there are also already some rainbow tables, though not as extensive; in principle this applies to everything that works without a salt. The method you use seems exaggerated to me, because in principle it is sufficient to give the md5 password any salt in order not to land a hit in a rainbow table. So the server name or a fixed salt is sufficient to protect against rainbow tables.
PHP Code:
<?php
$password = "sex";
$passwordMD5 = md5($password . "thisisaboutme");
?>
This makes it no longer possible to simply infer the password "sex" from a rainbow table.

sex = 3c3662bcb661d6de679c636744c66b62

The whole thing with the secret:

6434b468e5592d7d70b2691db2925b61

If you now use an extravagant salt with special characters, such as
"Th! S_! 5mY5 ? <R3T !.#*", it is almost impossible. There are several approaches to try all the time with old salts, but in my opinion that is completely unnecessary. A good alternative, which I use, is to hash username and password together. The prerequisite for this is that the user name is a unique identifier.
PHP Code:
<?php
$hashed = md5($username . $salt . $password);
?>
  #5  
Old 04-01-2011
Member
 
Join Date: Jan 2009
Posts: 140
Re: Secure MD5 hashing in PHP

Generally, it is advantageous to incorporate into the salt something that is different for each user, because even when someone knows what it is and creates a rainbow table himself, it can only ever be used against one user, never against all. Useful things are, for example, user name, email address or registration date; the usual requirement is that these are things the user normally does not change, and if they do change, the hash has to be rebuilt. Ultimately, though, the problem is that if the MD5 hash of the password is known, the system is broken and so everything, including the salt, is available to the hacker (unless an external DB connection is used). Hash values are used ONLY to protect against administrators (!), i.e. against viewing the clear-text password (the "normal" view of the database values).
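Added example, not code from any poster in this thread: it combines the bcrypt suggestion from post #3 and the per-user salt from post #5 with an upgrade path away from the fixed-salt md5 scheme of post #4. It goes beyond the thread by using PHP's password_hash() and password_verify() (PHP 5.5 or later); the salt, cost value and user rows are constructed assumptions.

```php
<?php
// Added example, not code from the thread. All names and values are constructed.
const BCRYPT_OPTS = ['cost' => 12];   // assumed work factor

// Legacy scheme as in the thread: md5 over one fixed salt plus the password.
function legacyHash(string $password, string $salt): string {
    return md5($salt . $password);
}

// bcrypt: password_hash() draws a fresh random salt on every call and stores
// it, with the algorithm and cost, inside the returned string.
function newHash(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

// Check a login against either format. Returns [ok, replacementHash|null];
// a non-null replacement should be written back to the user's row.
function verifyAndUpgrade(string $password, string $stored, string $legacySalt): array {
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {   // looks like md5 hex
        $ok = hash_equals($stored, legacyHash($password, $legacySalt));
        return [$ok, $ok ? newHash($password) : null];
    }
    $ok = password_verify($password, $stored);
    $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS);
    return [$ok, $stale ? newHash($password) : null];
}

$salt = 'constructed-static-salt';
$db = [                                // constructed rows: same password twice
    'alice' => legacyHash('sex', $salt),
    'bob'   => legacyHash('sex', $salt),
];
var_dump($db['alice'] === $db['bob']); // do the two legacy rows share a value?

foreach (array_keys($db) as $user) {
    [$ok, $replacement] = verifyAndUpgrade('sex', $db[$user], $salt);
    if ($ok && $replacement !== null) {
        $db[$user] = $replacement;     // upgrade on successful login
    }
}
var_dump($db['alice'] === $db['bob']); // same comparison after the upgrade

[$ok] = verifyAndUpgrade('wrong', $db['alice'], $salt);
var_dump($ok);                         // login attempt with a wrong password

[$ok, $replacement] = verifyAndUpgrade('sex', $db['alice'], $salt);
var_dump($ok, $replacement);           // second login against the upgraded row
```

Because the salt lives inside each bcrypt string, no separate salt column or application-wide constant is needed once every row has been upgraded.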