mikelmao Posted August 21, 2008 Share Posted August 21, 2008 Hey, I wana make a register and login system with MD5 Encrypting. How can i encrypt a password input ($_POST['pass']) and also make the login system change the MD5 back to normal.. Plz help me here. Thx Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/ Share on other sites More sharing options...
DeanWhitehouse Posted August 21, 2008 Share Posted August 21, 2008 md5 is one way hashing. to hash do md5($_POST['pass']); and on the login do the same , you will need to hash it and then compare. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622584 Share on other sites More sharing options...
mikelmao Posted August 22, 2008 Author Share Posted August 22, 2008 what ? im confused, Could you show a small example? Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622613 Share on other sites More sharing options...
DeanWhitehouse Posted August 22, 2008 Share Posted August 22, 2008 i have Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622615 Share on other sites More sharing options...
mikelmao Posted August 22, 2008 Author Share Posted August 22, 2008 yeah but like explain it more Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622617 Share on other sites More sharing options...
DeanWhitehouse Posted August 22, 2008 Share Posted August 22, 2008 what do you want to know? Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622619 Share on other sites More sharing options...
ohdang888 Posted August 22, 2008 Share Posted August 22, 2008 The safest way to do it is while users are registering, put the md5 hash of the password in the database.... and on login, do this: $input = md5($_POST['pass']); $res = mysql_query("SELECT * FROM users WHERE email='$email' and passowrd='$input' ")or die(mysql_error()); Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622624 Share on other sites More sharing options...
mikelmao Posted August 22, 2008 Author Share Posted August 22, 2008 why is it safer? Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622632 Share on other sites More sharing options...
Stephen Posted August 22, 2008 Share Posted August 22, 2008 If someone steals your database, all they see is some random jibberish. You should also salt your passwords. Here's an example (you will need a salt function to make $salt = say a ten character salt. they're all random characters.) Register: mysql_query("INSERT INTO users (name, password, salt) VALUES ('".$_POST["name"]."', '".md5(md5($_POST["password") . $salt)."', '".$salt."')"); Login: //this is just checking password if ($rows["password"] == md5(md5($_POST["password"]) . $rows["salt"])) { //correct password } You could also try whirlpool encryption. Note: that is not a safe query. Also, these wouldn't work just like that. But those are just examples on inputting it and checking it. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622634 Share on other sites More sharing options...
DeanWhitehouse Posted August 22, 2008 Share Posted August 22, 2008 But md5's can be cracked, so if they do get hold they can crack it Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622640 Share on other sites More sharing options...
akitchin Posted August 22, 2008 Share Posted August 22, 2008 But md5's can be cracked, so if they do get hold they can crack it not with ease. you may have heard that MD5 is not totally secure, but the main reason behind that is because of destination duplicates. "cracking" one in the classic sense remains quite a difficult task. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622643 Share on other sites More sharing options...
Stephen Posted August 22, 2008 Share Posted August 22, 2008 But md5's can be cracked, so if they do get hold they can crack it It's better to make them work then to just give them the plain-text password. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622658 Share on other sites More sharing options...
DeanWhitehouse Posted August 22, 2008 Share Posted August 22, 2008 @akitchin , i have found a site that can crack it in a few hours using brute force. If you want improved security you could write your own encryption. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622829 Share on other sites More sharing options...
Zane Posted August 22, 2008 Share Posted August 22, 2008 i have found a site that can crack it in a few hours using brute force. Then if you can tell me what this password is then I'll give you $500 64e55a26ea337d6ed168a96e5252272f and a brand new car Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622835 Share on other sites More sharing options...
Mchl Posted August 22, 2008 Share Posted August 22, 2008 Well. There's always hash() that offers several other hashing algorithms. See list here zanus: It's not the matter of finding the exact password, but rather a string that when hashed will produce same output. That's why salting is so important. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622838 Share on other sites More sharing options...
Zane Posted August 22, 2008 Share Posted August 22, 2008 sshhh.. Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-622844 Share on other sites More sharing options...
ohdang888 Posted August 22, 2008 Share Posted August 22, 2008 couldn't you really slow the person down by doing md5's of md5's... for example... $pass = md5(md5(md5(md5(md5($pass))))); seems as though it would be good for regular sites...ya, i could be cracked, but it would take a lonnnngggg time for little benefit as long as the site doesn't deal with money or sensitive info Quote Link to comment https://forums.phpfreaks.com/topic/120784-solved-passwords-to-md5/#findComment-623293 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.