DJTim666 Posted June 26, 2007 Share Posted June 26, 2007 Is this code secure enough, or could somone crack it? <?php $shmd = sha1(md5(sha1(md5(sha1(md5(sha1(md5(sha1(md5(sha1(md5(sha1($_GET['cr']))))))))))))); ?> -- DJ Quote Link to comment Share on other sites More sharing options...
soycharliente Posted June 26, 2007 Share Posted June 26, 2007 Well, now that they know how you encrypted it, no. Quote Link to comment Share on other sites More sharing options...
corillo181 Posted June 26, 2007 Share Posted June 26, 2007 one md5 can't be cracked at all unless they real good at guessing. so i dont see the need for the extra ones. Quote Link to comment Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 I'll just add more encryptions ! EDIT: Yes, md5 can be cracked using an md5 decryptor ! Quote Link to comment Share on other sites More sharing options...
trq Posted June 26, 2007 Share Posted June 26, 2007 A single call to md5 is sufficient. There is nothing saying mutiple calls are more secure. What gives you this idea? Ive seen a few people trying this lately, I just don't see the point. Md5 alone is near impossible to break without alot of computer power and a few years on your hands. Quote Link to comment Share on other sites More sharing options...
soycharliente Posted June 26, 2007 Share Posted June 26, 2007 What is 'cr' anyway? If it's a password, just make them use 3 different character types and cracking it makes it exponentially harder. Quote Link to comment Share on other sites More sharing options...
teng84 Posted June 26, 2007 Share Posted June 26, 2007 to secure dont allow the user to enter the pword more than trice block the ip that he use and the uswername aswell Quote Link to comment Share on other sites More sharing options...
trq Posted June 26, 2007 Share Posted June 26, 2007 I'll just add more encryptions ! EDIT: Yes, md5 can be cracked using an md5 decryptor ! There is no such thing as an md5 decrypter. md5 is a hash, not an encryption. Quote Link to comment Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 Google is your friend. http://www.md5encryption.com ! Quote Link to comment Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 What is 'cr' anyway? If it's a password, just make them use 3 different character types and cracking it makes it exponentially harder. It's a part of this website. Quote Link to comment Share on other sites More sharing options...
trq Posted June 26, 2007 Share Posted June 26, 2007 Google is your friend. http://www.md5encryption.com ! That is simply a database of common words and there md5'd equivelent. Nothing magic about it, and it is NOT a decryption method. Quote Link to comment Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 That is simply a database of common words and there md5'd equivelent. Nothing magic about it, and it is NOT a decryption method. That is true. But what if you are only using md5 to store your passwords, and someone hacks into your database, grabs the md5 hash, and goes to that website. Then your password just HAPPENS to be in their database? I guess then you are screwed. Using sha1(md5(somethinghere)); could potentially save you. Quote Link to comment Share on other sites More sharing options...
Pastulio Posted June 26, 2007 Share Posted June 26, 2007 If they've already broken into your database, they're not gonna have much use getting a password Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.