Jump to content

Recommended Posts

Md5 is decryptable, sha-1 is decryptable, I am really worrying now about how safe my data is? And because I'm not an expert of any kind, am I asking you guys how safe the following function really is? I called it md6 because it is based upon the md5 encryption.

[code]
function md6($Input, $Extract) {
   $sReturn = md5($Input);
   return substr($sReturn, 0, strlen($sReturn) - $Extract);
}
[/code]

Ofcourse $Extract will need to remain the same all the time, so whenever a user logs in or register's a certain number of characters is being extracted from the total length of the encrypted (pass)word. And md5 is now only used as an "commission agent". I think this make the encrypted data more secure because a number of characters is missing, making it somehow impossible to correctly decrypt it.. (I never say never ofcourse)

P.S.: My native language is dutch, and when I translated the word is was looking for by altavista I got commision agent.. wrong choice of words, I know, but I found it quiet amusing and even funny..
Link to comment
https://forums.phpfreaks.com/topic/16648-md6-decryptable/
Share on other sites

md5/sha1 uses one way encryption meaning it cannot be decrypted, however it can with brute force and cannot be done easily. Dont use md5 on its own. Use it with salt. If you add salt to your passwords it can become even harder for a hacker to brute force the password.
Link to comment
https://forums.phpfreaks.com/topic/16648-md6-decryptable/#findComment-69864
Share on other sites

Firstly, encrypt / decrypt implies "Encryption".  By definition, encryption is, "obscurity created by method".  Meaning that which is encrypted was done so by a particular method, in our case "salt" or "key".  This also lends to reason that it can be reversed or, "decrypted".

md5 is a hash mechinisim, meaning that there isn't a "salt" or "key" to generate the obscurity.  A hash is a system where a fixed object is believed to consistantly produce a like object on another plane or dimension.

So if I say

md5 ("test");

and it produces 828rgr435t9br54452

so long as I remembered that "test" = 828rgr435t9br54452 as an md5 hash then it wouldn't be secure, the idea though is that hashes are so long with no recognizable patteren that humans cannot or at least find it very difficult to commit to memory in a moments glance (which is all most hackers have).

It's not to the novice to know that 828rgr435t9br54452 is an md5 hash just by looking at it either; to see a hash string at it's value and know what generated it is another story altogether.

Link to comment
https://forums.phpfreaks.com/topic/16648-md6-decryptable/#findComment-69876
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.