Jump to content


Photo

hash, sha1


  • Please log in to reply
4 replies to this topic

#1 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 24 July 2006 - 01:12 PM

I am a little confused on how to hash, and there's not tutorials on it, if I pick salts and I forget what the salt is for each one, I will lose them, the same way with key handling. 
Sha1, Hash, mdhash, how do I hash them then compare the passwords up against the hash after I get the input from the form?

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#2 cmgmyr

cmgmyr
  • Members
  • PipPipPip
  • Advanced Member
  • 1,278 posts
  • LocationUSA

Posted 24 July 2006 - 01:21 PM

I use MD5 hashing for my passwords

$password = "pass";

$md5_pass = md5($password); (insert this into your database)


After your user goes through the login convert the inputed password to md5 (like above) and query your database with it. (SELECT * FROM users where username = $username AND password = $md5_pass)

Something like that.

Hope that helped,
-Chris

#3 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 24 July 2006 - 01:22 PM

alright perfect thanks, do you ever use sha1 or other types, and what about salt, I have seen a lot about using salt, is there a purpose?

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#4 Joe Haley

Joe Haley
  • Members
  • PipPipPip
  • Advanced Member
  • 103 posts
  • LocationCanada, eh?

Posted 24 July 2006 - 01:33 PM

If someone gets a users password (after having been hashed), its _EASY_ to find a collision for it. (allowing them to log in as that user)

If someone gets a users password (after having been salted, then hashed), they may find a collision, but it will do them little good unless they can also get the salt, and algorythum used to hash the password.
Give a man a fish; you have fed him for today.  Teach a man to fish; and you have fed him for a lifetime
Don't teach men to program. Teach them to fish.

Please, try the RTFM solution before asking for help:
http://php.net/manual/en/index.php

#5 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 24 July 2006 - 01:47 PM

Ok that was what I don't understand then, how do I overcome the issue, do I use the exact same salt for every single password, like salt it with
$salt = brcca
for instance, just something random, or a big word, or sentence or something, then when I hash the other password for comparison, then I wuold just use the exact same salt, and if used with the same salt for all the passwords, it will work them all correctly right.
I just need hash, get inputted password, hash, then match them up, which is all fine and good, I just want to make sure the salt, using the same oen over and over again, will always have a 100% compared affect.  Unlike the stupid crypt() function, that is totally off.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users