Jump to content

Archived

This topic is now archived and is closed to further replies.

rv20

What is the point of MD5?

Recommended Posts

Thus, if you have a lockout time of say 30 minutes for every 3 attempts, you adding a HUGE amount of time to any possible crack.

 

Assuming the brute forcing is made using your login form in which case the choice of hashing algorithm and the usage of salts is actually irrelevant. If they get the hash the lockout is irrelevant, but the choice of hashing algorithm and salting isn't. Either way, a lockout mechanism is obviously a good idea.

 

That being said, I use SHA-256 or SHA-512.

Share this post


Link to post
Share on other sites

Ok, if you're uncertain on how to securely encrypt a password that cannot easily be brute-forced, you could try something like this:

 

<?php
function md5_me($input){
$salt = "cheeseburgerinparadise";
$pass = md5($input.$salt);
$pass = str_ireplace(array("a","c","e"),"",$pass);
return md5($pass);
}
?>

What this does is it takes the users password, adds a salt to the end, MD5 encrypts it, strips out all instances of "a","c", and "e", then MD5 encrypts what is left.

 

There is no perfect solution, but if you must be paranoid with encryption methods, this should make you feel better. If someone gets the MD5 string, and brute-force decrypts it, all they will have is a partial MD5 of the salted password.

 

Yup that is prety good, would take some mathematics to crack that if at all possible.

 

You really are missing the point of hasing. Hashing is a one-way process. It cannot be 'cracked'. Yes, you can use rainbow tables. Yes, you can analyse the algorithm in order to increase the chances of collisions. No, you cannot reverse it.

 

For example, if i tell you a number is 6 mod 7, what was the original number? You can't tell me. You can tell me an infinite amount of numbers that are also 6 mod 7, but you cannot guarantee that you're telling me my original number. Therefore, you cannot reverse it. While this is an extremely simple example, it should illustrate the point.

 

NO am i not missing the point of hashing, for a single pass of md5 this simple brute forcer takes a matter of minutes to crack a 6 character password with [a-z][A-Z][0-9],

 

http://eternalrise.com/blog/brute-force-php-script/

 

I haven't tried a 7 letter password the time taken usually goes up,  i would guess exponentially.  And then yes rainbow tables, they store every possible hash you can get or something along those lines, with databse base searching this can be pretty fast to crack a password.

 

So that leaves you with md5 combination like md5(md5) or adding salt, now after a quick google i see plenty of applications which claim they can crack a salted password, i am not going to bother looking into them, but it wouldn't suprise me if someone has worked something out.

 

 

So you make out like md5($password) is secure as it is a hash whereas i can crack it in about 1 min. 

 

 

Share this post


Link to post
Share on other sites

Is the project you are working on that big you think that people will actuall spend any amount of time at all trying to crack your hashed/ecrypted passwords? Are you making the next Facebook or Twitter?

Maybe cryptogrophy is just a topic you are interested in. Let me say that you could probably store your passwords in plain text and nobody would even bother attempt to gain access to them. Unless you are working on the next goldmine why would anyone rob a bank that has no money!

Share this post


Link to post
Share on other sites

Is the project you are working on that big you think that people will actuall spend any amount of time at all trying to crack your hashed/ecrypted passwords? Are you making the next Facebook or Twitter?

Maybe cryptogrophy is just a topic you are interested in. Let me say that you could probably store your passwords in plain text and nobody would even bother attempt to gain access to them. Unless you are working on the next goldmine why would anyone rob a bank that has no money!

 

I know all this, but the main thing was just suprise, so i had heard how strong and unreversable md5 was and then saw how easy it was to crack so i have to ask what is the point, it is actually easier to crack than some simple 5 line home brew encryption function, but as i now know if you salt it then very difficult.

Share this post


Link to post
Share on other sites

I've always liked this method:

 

Generate random salt ( usually of the same length as the hash )

 

Chop the password and salt into 2 chunks.

 

Mix chunks and hash.

 

Split hash into 2 parts, mix with salt.

 

You now have the salt stored in plain text, but it's theoretically impossible to extract it from the hash without knowing the chunk sizes and algorithm used. It's a little paranoid, but it's actually a very light script ( php is very quick and string manip ) requiring only 1 hash to check a password.

 

Salting is VERY VERY important. I would argue a random salt is equally important. You're protecting your viewers passwords they might use elsewhere. Rainbow tables are becoming huge and easy to access.

Share this post


Link to post
Share on other sites
I know all this, but the main thing was just suprise, so i had heard how strong and unreversable md5 was and then saw how easy it was to crack so i have to ask what is the point, it is actually easier to crack than some simple 5 line home brew encryption function, but as i now know if you salt it then very difficult.

 

Then just salt it. It was created in 1991 (processing power back then was nowhere near the level of today) and in 1996 up to 2004 serious flaws were documented. SHA1 is recomended as oppose to MD5. Wherever you got your initial information from about MD5 people were obviously misinformed and you have taken their view as gospel. Again whatever algorithm you use depends on what you are protecting. MD5 is fine for most websites. People wont spend time trying to crack it. I wouldn't lock my garden shed with a bank vault safe door however a simple padlock will do the job.

Share this post


Link to post
Share on other sites

NO am i not missing the point of hashing, for a single pass of md5 this simple brute forcer takes a matter of minutes to crack a 6 character password with [a-z][A-Z][0-9],

 

Actually, you completely missed the point. Hashing truly is one-way. You cannot know if the match you found is the original plain text value or one of the colliding values. All you know is that what you found shares the same hash as the original value has. Hashing is not encryption, and there is no such thing as cracking a hash nor brute-forcing a hash.

 

I'll send you $50 over PayPal if you tell me what the what the plaintext value I used for this hash is:

9f65f29197e64cef1f862f359866c3abdc473da40a0efd1f6bca32fb13cfb5da

It's not enough finding a string that matches the hash. You must prove that what you got is the same as what I originally had. Anyone else who wants to try can claim the $50 as well.

Share this post


Link to post
Share on other sites

I'll send you $50 over PayPal if you tell me what the what the plaintext value I used for this hash is:

9f65f29197e64cef1f862f359866c3abdc473da40a0efd1f6bca32fb13cfb5da

It's not enough finding a string that matches the hash. You must prove that what you got is the same as what I originally had. Anyone else who wants to try can claim the $50 as well.

 

May I have 5.2^114 guesses?

Share this post


Link to post
Share on other sites
I'll send you $50 over PayPal if you tell me what the what the plaintext value I used for this hash is

9f65f29197e64cef1f862f359866c3abdc473da40a0efd1f6 bca32fb13cfb5da

Susan Boyle to win Britain's Got Talent

 

It's got to be!

Share this post


Link to post
Share on other sites

I'll send you $50 over PayPal if you tell me what the what the plaintext value I used for this hash is:

9f65f29197e64cef1f862f359866c3abdc473da40a0efd1f6bca32fb13cfb5da

It's not enough finding a string that matches the hash. You must prove that what you got is the same as what I originally had. Anyone else who wants to try can claim the $50 as well.

 

May I have 5.2^114 guesses?

 

Sure, as long as you can prove that it isn't a collision ;)

Share this post


Link to post
Share on other sites

It's SHA-256. Now I've already helped immensely :P

 

I'll let the offer stand though.

Share this post


Link to post
Share on other sites
It's SHA-256. Now I've already helped immensely

Hang on i'm still plugging in my 2000 playstations

Share this post


Link to post
Share on other sites

Given that it is a one way algorithm there is absolutely no way of obtaining the plain text value of the hash. 5 Playstations exploded upto now.

Share this post


Link to post
Share on other sites

What type of information should we web developers be concerned about concealing that we would worry so much about hashing with salt ect?(im refering to other than the obvious cc/personal information which we my guess should be encrypted before its stored?)

 

For example, if we have a database, would some one trying to get in have a higher chance of succeeding at accessing the database and changing the hash value to a known one, or would they have higher success rate obtaining the hash or a collision of the hash?

 

Should I as a developer put more effort into making sure XSS and SQL injections and other security measures are up in place before loosing my hair over hashing/ encryption issues?

 

I think i know the answers to these questions, but I thought I would get your views on some of this....

Share this post


Link to post
Share on other sites

It's SHA-256. Now I've already helped immensely :P

 

I'll let the offer stand though.

You sure don't seem concerned about losing $50 to someone who can guess it. :D

Share this post


Link to post
Share on other sites

It's SHA-256. Now I've already helped immensely :P

 

I'll let the offer stand though.

You sure don't seem concerned about losing $50 to someone who can guess it. :D

 

It wouldn't matter. Even if you borrowed the local university's supercomputer you couldn't solve that task. I required a proof that the one you found is what I put into it. That is just not possible. Of course you might argue that if you find what I get you'll instantly see that it's the one(otherwise it would have to be an extraordinary coincidence), but that still wouldn't be a proof. I could offer $100, $1000 or even $1000000. It wouldn't matter because the task is impossible to solve.

 

Going with a mathematically much simpler hashing algorithm like GingerRobot mentioned earlier it might better illustrate the point. If we say that f(x)=x mod 10 we have a very simple hashing algorithm. So, f(0)=0, f(1)=1, f(2)=2, etc. However, f(10)=f(20)=f(-10)=0, f(11)=f(21)=f(-9)=1, f(12)=f(22)=f(-8)=2, and so on. I'm sure you can see the pattern. So essentially we have [tex]f : \mathbb{Z} \to \{x\in \mathbb{Z} \mid 0 \leq x < 9\}[/tex]. So if I tell you that my hash is 5, how are you going to find out if my input value was 5, 15, 25, 35, etc.? It just is not possible. You have no way of knowing if you got the correct one unless you already know the number from the start.

 

MD5 (and SHA-256 like I used) work in the same way. They all map an infinite number of items to a finite number of items, which quite obviously means that for each possible output value there is an infinite number of input values, or in other words there is an infinite number of hash collisions.

 

Because nobody can solve it, I might as well put up the solution. The code I wrote looks like this:

 

function generateRandom($length = 32, $extraChars = false)
{
$chars = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVW';
if ($extraChars) {
	$chars .= '_-+=%&*\'"`\\()~@{}[]<>,.?#| ';
}

for ($i = 0, $charRange = strlen($chars)-1, $password = ''; $i < $length; $i++) {
	$password .= $chars[mt_rand(0, $charRange)];
}

return $password;
}

function hashPassword($password, $salt, $salt2)
{
$salt2Length = strlen($salt2);

for ($i = 0, $max = strlen($password); $i < $max; $i++) {
	$password[$i] = chr(ord($password[$i]) ^ ord($salt2[$i % $salt2Length]));
}

return hash('sha256', $salt . base64_encode($password));
}

$salt = generateRandom(32, true);
$salt2 = generateRandom(32, true);
$password = 'goodJob';
$hash = hashPassword($password, $salt, $salt2);

echo "Salt: {$salt}\nSalt 2: {$salt2}\nPassword: {$password}\nHash: {$hash}";

 

And the output was:

Salt: mU`Bz%4L75{vG0q? D?1[7C}r=G\T],y

Salt 2: B[#&}g-KJCs"p86[2]"NjEThO=TH'3Ef

Password: goodJob

Hash: 9f65f29197e64cef1f862f359866c3abdc473da40a0efd1f6bca32fb13cfb5da

 

So rv20, you most certainly cannot decrypt/crack/brute-force/whatever a hash. My sister once asked me what you can use mathematics for. I suppose one application is that an understanding of it makes sure you won't look like a fool when you persistently claim that hashing can be "cracked".

Share this post


Link to post
Share on other sites

I don't understand your point with the sha-256, to me you would be as well with a random number as that is what it seems to output.

 

So i take it you can't use the sha hashing method to store passwords as how can you compare hashes for passwords if this sha-256 gives a different hash values for the same password each time it is run?

 

I think my point it totally valid, if someone hashes a password with md5 then all you need to do is run a brute forcer and compare each hash generated by the brute force method to the hash you have, i don't see the problem of calling that cracking.

 

Share this post


Link to post
Share on other sites

I don't understand your point with the sha-256, to me you would be as well with a random number as that is what it seems to output.

 

So i take it you can't use the sha hashing method to store passwords as how can you compare hashes for passwords if this sha-256 gives a different hash values for the same password each time it is run?

 

My script produces random output because I give it random input. If you use the same input you'll get the same output. Try it out.

 

I think my point it totally valid, if someone hashes a password with md5 then all you need to do is run a brute forcer and compare each hash generated by the brute force method to the hash you have, i don't see the problem of calling that cracking.

 

Then you probably need to work on your math skills. Do you understand the post I just wrote? If foo => baz and bar => baz and I just tell you "baz". How are you going to know if I had "foo" or "bar"?

Share this post


Link to post
Share on other sites

I don't understand your point with the sha-256, to me you would be as well with a random number as that is what it seems to output.

 

So i take it you can't use the sha hashing method to store passwords as how can you compare hashes for passwords if this sha-256 gives a different hash values for the same password each time it is run?

 

My script produces random output because I give it random input. If you use the same input you'll get the same output. Try it out.

 

I think my point it totally valid, if someone hashes a password with md5 then all you need to do is run a brute forcer and compare each hash generated by the brute force method to the hash you have, i don't see the problem of calling that cracking.

 

Then you probably need to work on your math skills. Do you understand the post I just wrote? If foo => baz and bar => baz and I just tell you "baz". How are you going to know if I had "foo" or "bar"?

 

Well if i run your script 3 times then i get these 3 different hashes for a start,

 

f68902640462f40cb28cf80a0e468b289951852c33d72161ffa5c76650f9bf11

df345263f958e654c54badb27052f138e064594b1bc1074b869266f7f2aad2ba

b5f5d34abad06ad189324f7f7414093f4d683a3d32b4e7ab8e92adcda08c490d

 

Second point, i am not saying you can reverse a hash, i am saying if you try every possible combination of passwords then eventually you will hit the same combination that produces the oringnal hash, called a recursive method.

 

md5('a') = 3454535442

md5('aa') = 8983989932

md5('aaa') = 4534534544

 

 

and on and on until,

 

md5($x) = same hash as has you are trying to crack..

 

That is what cracking is, not decoding.

Share this post


Link to post
Share on other sites

Well if i run your script 3 times then i get these 3 different hashes for a start,

 

f68902640462f40cb28cf80a0e468b289951852c33d72161ffa5c76650f9bf11

df345263f958e654c54badb27052f138e064594b1bc1074b869266f7f2aad2ba

b5f5d34abad06ad189324f7f7414093f4d683a3d32b4e7ab8e92adcda08c490d

 

I think you need to start reading what people write. It gives random output because it gets random input. Remove the randomness in the input and you will remove the randomness of the output. Again, this is a math concept. The input is called the independent variable, the output is called the dependent variable. The dependent variable depends on the independent variable.

 

Second point, i am not saying you can reverse a hash, i am saying if you try every possible combination of passwords then eventually you will hit the same combination that produces the oringnal hash, called a recursive method.

 

Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?

Share this post


Link to post
Share on other sites

...............

Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?

.......

 

I think that what the rv20 is trying to get at is that he doesnt care what the original value is, if he finds a value that creates that hash it is good enough because even if its a collision it will allow him access to what ever that "password" protected are allows access to.... right rv20 ?

 

Share this post


Link to post
Share on other sites

...............

Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?

.......

 

I think that what the rv20 is trying to get at is that he doesnt care what the original value is, if he finds a value that creates that hash it is good enough because even if its a collision it will allow him access to what ever that "password" protected are allows access to.... right rv20 ?

 

 

Correct but realise i am wanting to know this so to know how to secure against such a thing, for example before i asked this question i may have well stored the username and an md5($password)  in the cookie i now realise that there are quite a few valid ways to steal a cookie and therefore if you got the hash you could easily run it through a bruter.  This is pretty unlikely to happen but why not learn the basics, also quite interesting??

 

So now i know to do at least an md5(md5($password . $salt))  and you can't really go wrong.

Share this post


Link to post
Share on other sites

$salt = 'jdhje7usGHSjuio!<sghd09(shj)sgh!dgsj67';
$password = sha1($salt.$password.$salt);

 

Wallah. Computationally secure.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.