md5 - sha1

Post your problems with the script.

md5 - sha1

Postby sy_ » Fri Aug 11, 2006 2:17 am

ok .... i was jus wondering why it seems like strawberry doesnt act right wen u use sha1 or even sha256 for encryptin instead of md5 ...... ??? any thing i might need to know ?
sy_
 
Posts: 15
Joined: Thu Aug 03, 2006 9:46 am

Postby FI-DD » Fri Aug 11, 2006 11:29 am

Make sure you replace all occurrences of md5 with sha1.



What's sha1 good for?
User avatar
FI-DD
Admin
 
Posts: 2971
Joined: Thu Sep 22, 2005 11:27 am
Location: Germany

Postby sy_ » Fri Aug 11, 2006 12:48 pm

ok .... i did that but i probly didnt replace every single md5 hash ...... but as for the question of what is sha1 good for ... well it's harder to decode a password in your login, mysql or anything that needs to be encrypted .



an encoded password with md5 will hash the password with a string about this long:

771d8caa1867cb27703f957879089cc1



while sha1 will provide a string like this:

89b42a00b56e67ff56c65b6d453ec7d8383aa3f9



and even better is sha256 ( harder to implement and harder to break ) :

b411b9fb88c3a32205a9bf14304ed8445967caae790650d1630157f0e6ed0e72



basically it makes it harder for a hacker to take you password and use it against you. which of course WOULD BE EVIL ! :evil: :evil: :evil: :evil:



LOL .... but some useful sites for newbies or jus a reference would be at these links:



shows how to use the hashes >> http://www.zymic.com/forum/lofiversion/index.php/t9088.html



javascript implemetation of md5 and sha1 >>> http://pajhome.org.uk/crypt/index.html



and one of my favorites that i have not done yet but will try, feyd's sha256 version >> http://forums.devnetwork.net/viewtopic.php?t=38810
sy_
 
Posts: 15
Joined: Thu Aug 03, 2006 9:46 am

Postby FI-DD » Fri Aug 11, 2006 7:42 pm

well it's harder to decode a password in your login, mysql or anything that needs to be encrypted .




Well, CuteNews.RU/Strawberry md5-encrypts the md5-encrypted password.



Code: Select all
<?php

$pass = md5(md5($pass));

?>




So maybe that's more secure than a plain md5 encryption, similar to sha1?
User avatar
FI-DD
Admin
 
Posts: 2971
Joined: Thu Sep 22, 2005 11:27 am
Location: Germany

Postby sy_ » Sat Aug 12, 2006 5:00 am

YEA I THINK IT IS MORE SECURE.... because from wut i know when you md5(md5($pass)) it makes it to where the hash is different then the first but why not add a salt to it ??? i think if you use md5 it would be better to salt it.... like so md5(md5($pass).$salt) or md5(md5($salt).md5($pass)) so that it generates a new random hash for person a and person b instead of one for both users............ then using the salt and pepper encryptor from this link >>>



http://code.nathanbolender.com/PHP/salt_pepper/



adds even longer random hash and then i believe would make it stronger then sha1 alone. but md5 is well known and easier to break then sha1 and sha256 is just a beast so I think implementing md5 with a salt or going with sha1 or sha256 alone would be much better then the regular md5(md5($pass)); ... but that is my opinion..... i would just rather make it harder for a hacker then making it easier



:twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted:
sy_
 
Posts: 15
Joined: Thu Aug 03, 2006 9:46 am

Postby sy_ » Sat Aug 12, 2006 6:55 am

and why is x added at the end of md5 ...........md5x ??? ......... does that throw off a hacker of what hash is being used ?
sy_
 
Posts: 15
Joined: Thu Aug 03, 2006 9:46 am

Postby FI-DD » Sat Aug 12, 2006 7:33 am

sy_ wrote:and why is x added at the end of md5 ...........md5x ???


md5x() is just the name of the function which double md5-encrypts the password. There's no x added at the end of the file.
User avatar
FI-DD
Admin
 
Posts: 2971
Joined: Thu Sep 22, 2005 11:27 am
Location: Germany

Postby sy_ » Sat Aug 12, 2006 7:35 am

oooooooooohhhhhhhhh ok ...... i was a little confused at why it was there... so if i was to replace all md5 with sha1 ... woulda i have to replace it with sha1 also or leave as is ?
sy_
 
Posts: 15
Joined: Thu Aug 03, 2006 9:46 am

Postby FI-DD » Sat Aug 12, 2006 7:38 am

I think, changing the function from this:

Code: Select all
function md5x($str){



   $str = md5(md5($str));



return $str;

}




to this:

Code: Select all
function md5x($str){



   $str = sha1($str);



return $str;

}




should work. After that you have to reinstall the script.
User avatar
FI-DD
Admin
 
Posts: 2971
Joined: Thu Sep 22, 2005 11:27 am
Location: Germany

Postby sy_ » Sat Aug 12, 2006 7:41 am

ok thanks.....
sy_
 
Posts: 15
Joined: Thu Aug 03, 2006 9:46 am


Return to Strawberry Support



Who is online

Users browsing this forum: No registered users and 1 guest

cron

x