
php script using user's ip to validate


xc0n


i dont know why i bother... why would i post my source here lol its real smart to build a hash an then give the source :/ im not trying to market anything lol forget the website guys the link i posted was to a demo see demo.php so tell ur ####%#%%% to break it u have the link i wan see a screenshot of my login page lets see how good u guys are??? or r u all jus full of it?

also did use get time to crack the above hash??? thought it would be easy ??? only 5 letters ?? lmfao id love to show my code but not when i get this reaction for wanting to try sumfin new & yea im a s#it speller :) im truly sorry for this lol

sorry for over reacting to the crap thats been posted here i just cant stand f#ckheads that try diss ppl that wana share new ideas, nothing is impossible my system is secure and u can all get f#cked use are all like sheep anyway whether any1 agrees wif me or not they wont say it cause all the douchb@gs would diss them, hahahaha lmao at the w@nkers with quotes in their sigs from a site mod or admin hahahahahaha sucking up much?? lol ehhhhh

maybe i should visit this forum when i need a spell check done or marketing tips & tips on how to suck up to admin accounts i could really learn a lot !!

 

Your immaturity in both temperament and experience is apparent. Do you realize that many (if not all) of the algorithms for the hashing methods used within the industry are publicly available? A secure hashing method is not one that relies upon obfuscation of the process. It's the exact opposite. By having the algorithms publicly available it allows experts and novices alike to verify the quality of the process, find flaws, and improve upon that method. A good hashing method would not be any less secure by the process being hidden because it should be impossible to reverse engineer the process to the unhashed value. I have very little confidence that you or your associates were able to build a more secure hashing method than are already available. A more intelligent approach would have been to use an existing hash method with string lengthening and a salt.

 

Further, your so-called challenge is a joke. As stated above a hash - if done correctly - cannot be "unhashed" into its original value. All the sites that can presumably tell you the password for an MD5 hash are nothing more than rainbow tables which could be created for any hashing method. I could easily create some trivial hashing method in 2 seconds that would create a hash which you would never be able to decipher.

 

Here's a hash: 1

 

That is a hash of my social security number, date of birth and my mother's maiden name. I added up all the ASCII values of the characters and performed a modulus on the number 2. Granted, that is a gross simplification, but it illustrates the triviality of creating a value that cannot be reversed into the original value. But, as stated above, that is not what hashes are for.

 

Lastly, you have violated numerous forum rules:

2. All users must be courteous to others.

5. Advertising and Spam are not allowed and is under a zero-tolerance ban/removal from PHP Freaks Forums

11. Flaming and or Trolling is prohibited and will result in course of action to be taken by Staff members

 

No one here attacked you. Some criticism was made, but you should take that and use it rather than getting defensive. I had also looked at your website earlier and had also considered writing a response regarding the poor spelling and grammar which stood out to me like an electronic billboard. But, I decided I didn't care enough to do so.

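An added illustration of the two points in the post above, not code from the thread: the sum-of-ASCII-modulo-2 value cannot be reversed yet matches a large share of guesses, while PHP's public `password_hash()` produces a salted, deliberately slow hash. Reading the post's advice as salting plus stretching is an assumption, and the secret and guess list are constructed sample values.

```php
<?php
// Added example, not from the thread. All names and sample values are constructed.

// The toy "hash" described in the post: sum of the ASCII values, modulo 2.
function toy_hash(string $input): int
{
    $sum = 0;
    foreach (str_split($input) as $ch) {
        $sum += ord($ch);
    }
    return $sum % 2;
}

// Fraction of guesses that produce the same toy hash as the target.
// The value is one-way, but with only two possible outputs roughly half
// of all strings collide, so it is useless for checking a password.
function toy_match_rate(int $target, array $guesses): float
{
    $hits = 0;
    foreach ($guesses as $guess) {
        if (toy_hash($guess) === $target) {
            $hits++;
        }
    }
    return $hits / count($guesses);
}

$secret  = 'constructed-secret-value';
$guesses = ['a', 'b', 'letmein', 'password', 'hunter2', 'qwerty', 'abc123', 'zzz'];
$rate    = toy_match_rate(toy_hash($secret), $guesses);
printf("toy hash: %d, wrong guesses accepted: %.0f%%\n", toy_hash($secret), 100 * $rate);

// Public, reviewed alternative: password_hash() generates a random salt and
// applies a slow algorithm (bcrypt, 2^12 rounds here). The algorithm being
// public does not help an attacker recover the password from the output.
$stored = password_hash($secret, PASSWORD_BCRYPT, ['cost' => 12]);
$again  = password_hash($secret, PASSWORD_BCRYPT, ['cost' => 12]);

// The same password hashed twice gives different strings because the salt
// differs, which is what defeats precomputed (rainbow) tables.
printf("hashes differ across calls: %s\n", $stored !== $again ? 'yes' : 'no');

// Verification re-derives the hash using the salt and cost stored in $stored.
printf("correct password verifies: %s\n", password_verify($secret, $stored) ? 'yes' : 'no');
printf("wrong password verifies:   %s\n", password_verify('password', $stored) ? 'yes' : 'no');
```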

psycho a user above said its bad to create your own hash & that his buddy could easily crack it, not me i know a hash cant be undone hence my attitude to n00bs that try diss me i guess i was very over reactive and should settle down i have just been working on this for a while and take offense easily my bad. id love to gather some files together of the previous version so you can all have a look? maybe then u can give me some tips on improvement


psycho a user above said its bad to create your own hash

 

And that was good advice in my opinion. There is a reason that even the largest IT companies rely upon hashing methods available in the industry. They have been developed by people that have a very deep knowledge and years of experience in the field. We're talking about people with PhDs in mathematics and advanced sciences. For example, SHA-1 was

. . . designed by the United States National Security Agency and published by the United States NIST as a U.S. Federal Information Processing Standard.

 

Sorry to be blunt, but I highly doubt you were able to come up with a better method. My organization works with companies that require the highest measures of security because of the data we store. We would fail any security audit by those companies if we were using a hashing method that has not been proven in the industry.

 

If you want verification that your method is acceptable then you should provide the hashing method along with some sample data, if you are confident in what you built.


*smiles* So I'm a "n00b" now..? Oh well, I can live with that. :P

 

Anyway, I just wanted to thank you for the entertainment, and to inform you that you won't be receiving any more assistance from me. As per your wishes. I got better things to spend my time on, after all.

Have a nice life, I know I do. :)


I feel there's some value in the discussion about hashing.

Not just hashing, but security in general.

 

why would i post my source here lol its real smart to build a hash an then give the source

 

This is the fundamental problem in proprietary programming.  I understand fully the desire to protect one's hard effort and time into a project, but there are few areas where source should be really locked down - the hydrogen bomb, for example.  My issue with propriety (in respect to security algorithms) is nobody outside of the development team understands how it works.  This leaves end-users (SysAdmins and Wordpress bloggers alike) at the whim and mercy of a development team to stay on top of their own work while deviants spend their time trying to destroy it.  Want a fantastic analogy of this use case? Microsoft.

 

I'm not trying to put you nor your product down, in fact, I commend your attempts to bring an avenue of security. I think where you have flawed is in the presentation and implementation.  Why do I tell you this? Not because I want to begrudge you - not at all - but to inform you of my opinion.  Who am I to have an opinion? I'm a fellow developer and, who knows, a potential client.

 

Furthermore, security is a special topic.  If you're going to represent yourself as a security agent, your image needs to portray supreme professionalism.  That is why I attacked your "About Us" page.

 

Now, my opinion to improve your approach?  Market your client-side program to an external device: USB Sticks are favored by many since they permit portability, the U.S. Government uses chip-embedded ID Cards, look into biological analytics.  There are SO many advanced ways to implement security rather than to rely on trivial methods like IP addresses.  And THAT is why the community has  disapproved of your approaches.  There is a wealth of knowledge out there, and unless you are receptive to it, you'll get nowhere, fast.


yea but sometimes the most basic way is best, usb security is bad think of all the n00bs getting a usb not recognised msg n not being able to view their data, an ip is like a finger print u can spoof it but u cant make it a number u desire! until then my system is ok, i did post a demo link to a login that nobody even saw, i got logs of over 7 people trying to get in since i last posted on here, now considering this is a big forum with a lot of talent i think i done well nobody cracked my hash! didnt even see a ss of my login page let alone a hack of any kind these guys would have just seen red :) so give me a lil credit ey?
