desithugg Posted August 12, 2006 Share Posted August 12, 2006 currently i use md5 to encrypt my passes but i heard its not too safe.I was wonder if i shoudl create a filter to replace the password with sumbols than use md5 on them would than be any safer and anyways is there a way i can check if there is only letters,numbers in a form variable Quote Link to comment Share on other sites More sharing options...
Chetan Posted August 12, 2006 Share Posted August 12, 2006 No encryption key is safe by itself, though sha1 is still not that easy to decrypt, use<?php$pass = sha1(md5($pass));?>Though its also quite secure you can use str_replace to Change a letter into number and then use something like that again, a frend of mine did1. First use str_replace(), to firstttttt use your own encryption2. MD5 the string.3. SHA1 the string.4. Use str_replace again. Quote Link to comment Share on other sites More sharing options...
desithugg Posted August 12, 2006 Author Share Posted August 12, 2006 ummsha1 doesnt seem to be working for me but this is what i did[code]$pass = str_replace(array_keys($filter), array_values($filter), $pass);which gave me &™$§§#™:]0than$pass = md5($pass);which gave me 91d62cba721565fc5eade2f566bc9ee5and than i used $pass = md5( $pass );i did this 5 times lol adding a space each time and than i used my filter again and got my to[0:/™:[ª®;³:§™]®'[[§©?/']°'}0[ªª[/code]seems secure enough lol Quote Link to comment Share on other sites More sharing options...
SharkBait Posted August 12, 2006 Share Posted August 12, 2006 How is MD5 not too safe?I do know there are databases out there that link words with MD5 hashes. As long as people keep their passwords not the same as dictionary words, mix up the case, make it alphanumeric, and then salt the hash, should that not be good enough? Quote Link to comment Share on other sites More sharing options...
Chetan Posted August 12, 2006 Share Posted August 12, 2006 U see a hacker can always get more than one password, and so he can goto www.md5decrypter.com to decrypt passwords.Then he/she can find the similarities in the passwords, like the salt in the beginning and end, remove it and you are done and also even if the words are not dictionary words they can be decrypted many times, and you cant trust the users to always choose a non dictionary words also it is basically an admins resposibility to make his login system secure, not the users to choose a good password Quote Link to comment Share on other sites More sharing options...
SharkBait Posted August 12, 2006 Share Posted August 12, 2006 Makes sense enough.If there is a will.. there is a way :) Quote Link to comment Share on other sites More sharing options...
Chetan Posted August 12, 2006 Share Posted August 12, 2006 well itsWhere there is a will, there is a way.but it dosent even differ and im not even the language type, I only like germen as a languageOfftopic yet not offtopic Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.