Jump to content

Recommended Posts

if there is such a term

 

when editing my users

 

ive md5'd the id

 

but to show the records of the user where UserID='".$ID."'"

 

i need to get the querystring back to orginal id as it obvisouly wont find the md5'd version in my db

 

Cheers

 

 

All you need do is use something like.... where UserID='". md5($ID) ."'"

 

You cannot undo an md5.

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489323
Share on other sites

think of MD5 as one-way you can't undo it,

its mainly used for passwords, for example

just say md5("helloworld") = "ABCDE123458"

Now i can't convert ABCDE123458 back to helloworld but i can re-create ABCDE123458 using helloworld

 

 

now in your example i assume you have an ID in the database ie 1,2,3,4 etc and your passing the ID via get but hashing it first.. now what you can do is MD5 the field ID and then compare ie

"SELECT * from `table` where MD5(ID) = {$_GET['ID']};";

 

so instead of un-MD5-ing your MD5 your existing results to match!

 

make sense ?

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489330
Share on other sites

You are going to have another problem with your query. MD5 values are not unique. There are a limited number of different md5 values and several different starting values give the same md5 value.

 

In a query where you are checking for something like a unique username and a md5 of a password, the unique username will find the correct record and then the comparison of the md5 of the password will tell you if they entered the correct password.

 

Doing a query using only the md5 value will potentially return multiple rows, so you what you are currently doing is a non-unique identifier and cannot be guaranteed to always work.

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489431
Share on other sites

without getting into the long posts about whats been cracked..

 

if i posted a MD5 with salt can you crack it ?

 

i assume no.. thus

 

sha512 isn't part of PHP

AES and BlowFish are TWO way encryption.. not great for passwords as they can be reversed..

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489486
Share on other sites

It would probably be quicker to include the MD5'd ID in the database, if you're going to search it via MD5.  Otherwise your DB will have to hash and compare each of the IDs as it searches, which is going to be slower than just comparing strings.

 

Why are you hashing the user IDs?

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489546
Share on other sites

you dont need to md5 or hash the id in the database just base64_encode it

 

it good enough for any normall user mate........

 

 

<?php
$redarrow=123456;

$res1=base64_encode($redarrow);
echo " encoded $res1 <br>";

$res2=base64_decode($res1);

echo " <br> decoded $res2 <br>";
?>

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489672
Share on other sites

But still, I'd rather take sha512 - whether it's part of PHP or not - over md5. I couldn't decrypt it, nor crack it - but then I'm not in the habit of finding rainbow tables etc. I did stumble upon a site that had a lot more hashes than I was expecting. Looked like google, and it had the hash for what I consider to be a very strong  password. Fair enough with salting it's more secure, but I'll still leave MD5 alone. Too many people too intent on finding every possible hash for my liking.

 

Just found this topic, looks good at face value.

http://www.phpfreaks.com/forums/index.php/topic,186699.0.html

 

Sha1 and md5 are fine for now, but to be as future-proof as possible, I'd take others first.

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489828
Share on other sites

If someone really wants to, they can just as easily build a rainbow table for sha512. It will be 4x larger in size, but with TB hard drives in the $250 range, that's no longer an issue.

 

That's the thing about rainbow tables... the bit length really doesn't matter. Security through obscurity will be broken.

 

Finding the original plain text of a well salted md5 is harder than a pure-sha512 hash, assuming both rainbow talbes are available

 

(i'm no longer in the underground scene, but it really would surprise me if there was one available for sha512)

Link to comment
https://forums.phpfreaks.com/topic/95585-un-md5-something/#findComment-489844
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.