MadTechie

Sorry your wrong, Just kidding your right or we're both wrong..!!

Remember the personl whos "bashing" could be wrong!

Doing something for a living doesn't mean your any good at it, if you have a strong case then you can't really get "bashed", instead of saying you got bashed you either read up on what they are saying and come back with reasons yours is better or say your bashing me and not learn anything new, Whenever i have conflicts with anyone (including CV) about something I am unsure of I choose to look into what they say and/or read up on what i believe, (to validate it), either way by the end of it, i either have a new improved approach or a better understanding of what other options their are and when i should or should not use them. In most case i would use a "mod rewrite" but in some case that's not be possible

@gevans: Sorry, i had to write that post about twice, i meant to say the first one, basically where your hashing are 15 charsator set string of 32 charator compared to X length. re-typed: You increase the odds when you use MD5 over MD5, however i also use MD5 over MD5 this will have a 1 in 1.4972881278886E-19 chance of a collision (that's if salt isn't used) to workout the chances of the first or with salt your need to take into account the min to max length of the salt and password.

Last post: While that's kinda true, using MD5 over MD5 stops that so if a collision is found its useless! plus theirs a differences between getting into someones account and getting their "password". REALLY! Oh look here! <?php echo md5_file(dirname(__FILE__)."/file0.txt"); echo "<br>\n"; echo md5_file(dirname(__FILE__)."/file1.txt"); @gevans: You increase the odds in the second one, however i also use MD5 over MD5 the second code has a 1 in 1.4972881278886E-19 chance of a collision (that's if salt isn't used) to workout the chances of the first or with salt your need to take into account the min to max length of the salt and password. New: post Reply to CV: Well this the main part, this whole thread is about "cracking MD5", not about getting into accounts. no matter what you use, if you allow little common passwords and the user uses them, well that's nothing to do with the encryption strength! NB:Also by adding salt that makes the password harder as the reversed hash would be password+salt, so if the salt was 128chars, then thats a long password, but its nothing to do with MD5! [attachment deleted by admin]

editr

from a little guess work i assume you have a simple rotate image script and you want it to update the currect image to the rotated one without reloading the page try this (non-ajax route) <head> function updateData(param) { url = 'rotate.php?img=' + escape(param); document['myimage'].src=url+"cahce="+(Math.random()*10); } </head> your need to update document['myimage'] to the same as you image tag name then use updateData('fear1.jpg');

I would like to give a quick simple example of why you can NOT "crack" a hash Just say my password was "mypassword" and MD5 hash of that is 34819d7beeabb9260a5c854bc85b3e44 Now just say i created a hash of the "this is not my password" + 1000 spaces that could create the same hash, Now as both have the SAME hash, which one was my password ? Theirs no way to know, so even if you find a password that will create the same hash it probably isn't the same password, keeping that in mind just say i MD5(MD5('password').$salt) your need to break a 32+salt charactor password It always goes up and yes is exponentially a simple password like this Pass0% may take awhile but what about this for a password 5eabbae43f756c1368515e1833c31e14salt (note "salt" at the end) that is the hash of Pass0% with salt appended the hash for that is 0395421069be29f359091e944a64dba0 now the problem to get the original password you MUST resolved the first hash back to the same as the one it was generated from or you won't have a hash to run the second crack on. if you don't resolve 0395421069be29f359091e944a64dba0 back to 5eabbae43f756c1368515e1833c31e14salt then you can't even attempt to resolve 5eabbae43f756c1368515e1833c31e14 back to Pass0% Thus you could build a endless list of string that create the same hash but that's all! you can NOT get the original password used

Solved ? please click topic solved!

Okay.. i'll let you work it out, but first think about these two questions #1 what is $admin. and #2 What does the error say is invalid ? and i assume this works when they are not in their own functions idea.. global $admin; EDIT: awww Ken2k7!! lol

Cool and add this article and we have some good cracking options

You might as well use 1000 PS3 it would probably be quicker, super computers are good for heavy calculations but the playstation 3 was designed to do simple calculations quickly, no matter how you do it, you still have the getting the HASH & salt problem

I'm not sure what your looking for, but at a guess i would suggest googleing "PHP profiler" (basically its a bunch of timers)

MD5 over MD5 okay but it does increase the collision rate. however MD5(SHA1($pass)) is a bit pointless as your encrypting a 160bit encryption with a 128bit encryption,

You could have a cookie with a hash thats generated via a random number and another cookie with the username, (added during login with 'remember me' ticked) at the same time insert these values into a sql table along with user ID, when the user comes back you check to see if those cookies exists then get the userID from the database (VIA the random hash and username table) and assign the the sessions as you would during the login process, the best the user can do is change his username or the random hash in the cookies but then the UserID won't be found in the sql table thus no login! Thats a basic idea.. you could add other checks like browser etc but thats the basic idea EDIT: added a little in red!

Can you click topic solved

yeah a amateur auto login purposes

Okay encryption is very complex, but if you want to write your own then go ahead, trust me, it sounds like a good idea but if i was a betting man, I'll be getting extra cash by not voting for yours (no offense indended), the why you implement the protection is just as important as the encryption method used, you say its simple you can brute force it.. okay that assumes you can get the MD5 from the server or the server doesn't have any lockout or delays built in, just say it take 1 second per password test okay lets say your password is a number from 5 charactors in length, now that's and easy one totally insecure so that 100000 seconds 1666.67 minutes 27 hours So over a day! and that's a very simple one with a fixed length and only a 5 charactors password .. Okey lets assume you got the MD5 and your can crack ie in 10 seconds using rainbow tables etc.. how would a developer protect against this.. simple md5(md5(password)+salt) so you break the hash which reveals another hash you remove the salt and brute force it again. yay password.. this all assumes you got the hash.. but also remember my 5 charactor password.. well that was way the first hash is 32 charactors + salt.. if you want to be more secure then feel free to include md5 or even better use sha1, but to write your own from scratch is a bad idea..

Copy ssleay32.dll libeay32.dll into the system32 folder %windir%/system In the php.ini setting check/add [php_HTTP] extension=php_http.dll restart the apache

LOL didn't notice, fuji0050 reply revived It

Yeah sometimes a second set of eyes helps, if this is solved please click topic solved (bottom left)

Yep, works with anything, heres an IF statement example <?php if(true){ ?> this is true <?php }else{ ?> This won't be seen <?php } ?>

Its either for a "remember me" or theirs dumbs a@@@@'s IMHO, i would never put a password in a cookie, encrypted or otherwise, they may just know what sessions are!

the link will be fine, but if the other pages exists or knows how to use the get i can't say without seeing it!

<? $list['id'] ?> should be <?php echo $list['id']; ?> same idea with $list['number']