DJTim666 Posted June 26, 2007 Share Posted June 26, 2007 Is this code secure enough, or could somone crack it? <?php $shmd = sha1(md5(sha1(md5(sha1(md5(sha1(md5(sha1(md5(sha1(md5(sha1($_GET['cr']))))))))))))); ?> -- DJ Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/ Share on other sites More sharing options...
soycharliente Posted June 26, 2007 Share Posted June 26, 2007 Well, now that they know how you encrypted it, no. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282495 Share on other sites More sharing options...
corillo181 Posted June 26, 2007 Share Posted June 26, 2007 one md5 can't be cracked at all unless they real good at guessing. so i dont see the need for the extra ones. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282497 Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 I'll just add more encryptions ! EDIT: Yes, md5 can be cracked using an md5 decryptor ! Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282499 Share on other sites More sharing options...
trq Posted June 26, 2007 Share Posted June 26, 2007 A single call to md5 is sufficient. There is nothing saying mutiple calls are more secure. What gives you this idea? Ive seen a few people trying this lately, I just don't see the point. Md5 alone is near impossible to break without alot of computer power and a few years on your hands. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282500 Share on other sites More sharing options...
soycharliente Posted June 26, 2007 Share Posted June 26, 2007 What is 'cr' anyway? If it's a password, just make them use 3 different character types and cracking it makes it exponentially harder. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282501 Share on other sites More sharing options...
teng84 Posted June 26, 2007 Share Posted June 26, 2007 to secure dont allow the user to enter the pword more than trice block the ip that he use and the uswername aswell Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282502 Share on other sites More sharing options...
trq Posted June 26, 2007 Share Posted June 26, 2007 I'll just add more encryptions ! EDIT: Yes, md5 can be cracked using an md5 decryptor ! There is no such thing as an md5 decrypter. md5 is a hash, not an encryption. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282504 Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 Google is your friend. http://www.md5encryption.com ! Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282515 Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 What is 'cr' anyway? If it's a password, just make them use 3 different character types and cracking it makes it exponentially harder. It's a part of this website. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282519 Share on other sites More sharing options...
trq Posted June 26, 2007 Share Posted June 26, 2007 Google is your friend. http://www.md5encryption.com ! That is simply a database of common words and there md5'd equivelent. Nothing magic about it, and it is NOT a decryption method. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282520 Share on other sites More sharing options...
DJTim666 Posted June 26, 2007 Author Share Posted June 26, 2007 That is simply a database of common words and there md5'd equivelent. Nothing magic about it, and it is NOT a decryption method. That is true. But what if you are only using md5 to store your passwords, and someone hacks into your database, grabs the md5 hash, and goes to that website. Then your password just HAPPENS to be in their database? I guess then you are screwed. Using sha1(md5(somethinghere)); could potentially save you. Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282524 Share on other sites More sharing options...
Pastulio Posted June 26, 2007 Share Posted June 26, 2007 If they've already broken into your database, they're not gonna have much use getting a password Link to comment https://forums.phpfreaks.com/topic/57176-solved-secure-enough/#findComment-282527 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.