notepad Posted May 9, 2007 Share Posted May 9, 2007 Hmm... I just read the MD5 entry on Wikipedia, and it says MD5 is broken and collisions happen. I always thought the MD5 was fine, until I read this... So now I wan't to upgrade. On Wikipedia it talked about SHA-1, so I read about it, but it is broken also. It said that SHA512 is still fine, and hasn't been broken yet... But I can't find any SHA512 PHP function anywhere, I looked on Yahoo and Google -- Nothing. Does PHP not support SHA512 yet? http://en.wikipedia.org/wiki/MD5 Also, once I upgrade to SHA512 (if I can with PHP), what should I modify my database to? Currently my password field is set for "varchar(32) default NULL", what would be the proper setting for the SHA512 function? Thanks! Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted May 9, 2007 Share Posted May 9, 2007 What will be word for this MD5 hash: d41d8cd98f00b204e9800998ecf8427e Quote Link to comment Share on other sites More sharing options...
notepad Posted May 10, 2007 Author Share Posted May 10, 2007 Is it salted? I checked it against gdata, but it wasn't found. Quote Link to comment Share on other sites More sharing options...
notepad Posted May 10, 2007 Author Share Posted May 10, 2007 Never mind, I got it... It is an empty string! Quote Link to comment Share on other sites More sharing options...
xenophobia Posted May 10, 2007 Share Posted May 10, 2007 So md5 is not secure anymore? Quote Link to comment Share on other sites More sharing options...
btherl Posted May 10, 2007 Share Posted May 10, 2007 What is your application? Authenticating files or obfuscating passwords? The attack described in the article demonstrates that MD5 cannot effectively authenticate files, but it doesn't show any weakness in MD5 as used for obfuscating passwords. Quote Link to comment Share on other sites More sharing options...
notepad Posted May 10, 2007 Author Share Posted May 10, 2007 So md5 is not secure anymore? Not sure... Thats what I'm trying to find-out. What is your application? Authenticating files or obfuscating passwords? The attack described in the article demonstrates that MD5 cannot effectively authenticate files, but it doesn't show any weakness in MD5 as used for obfuscating passwords. I am writing a PHP login script, and have been using it for that. Quote Link to comment Share on other sites More sharing options...
btherl Posted May 10, 2007 Share Posted May 10, 2007 Then you've got no problem, as long as you use a salt to avoid the "rainbow table" method described in the wikipedia article. The attack described in wikipedia is for the situation where you are using an MD5 hash to verify a file, and someone is attempting to create a different file with the same MD5 hash. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted May 10, 2007 Share Posted May 10, 2007 Last night my research on Md5 is come over, I get some points, that md5 is not broken. It is still secure hash. Secondly i will come to notepad ur SHA512 hash, PHP 5 and above support this hash. If u have php 5 and above installed then just try this code and u will see it is in php. <?php print_r(hash_algos()); ?> but remember it is 128 character string so u have to change ur field length to char(128). other u can use md5 still for ur login scripts. Other info i wana to share with u guys, Hashes are design to _not_ be reversible. If you want something reversible, you need to look into encryption. Quote Link to comment Share on other sites More sharing options...
neel_basu Posted May 10, 2007 Share Posted May 10, 2007 I use SHA - 1 and then HAVEL - 190 on the output of SHA - 1 As Haval - 190 is not Populer I think its very secure. and also Im using it on a Hash not on a Hashed String not on the Original string. Quote Link to comment Share on other sites More sharing options...
notepad Posted May 10, 2007 Author Share Posted May 10, 2007 Is this the proper code for a salted sha512? $str = hash('sha512', $salt . $str); Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted May 10, 2007 Share Posted May 10, 2007 yes this is the proper way to code with SHA512. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.