My class is learning Hash codes now
Can you give me a brief detailed on what it is,And how it is use?
My class is learning Hash codes now
Can you give me a brief detailed on what it is,And how it is use?
"Nine, "Ko-Kon" cried the mighty Kurama"
What kind of hashes?
Encrypted strings?
It's a terrible thing, I think, in life to wait until you're ready.
I have this feeling now that actually no one is ever ready to do anything.
There is almost no such thing as ready. There is only now.
And you may as well do it now. Generally speaking, now is as good a time as any.
yea,the ones that'll hide passwords
"Nine, "Ko-Kon" cried the mighty Kurama"
Encryption algorithms are functions to convert a string to an unreadable string.
The most used encryption technique for passwords is MD5, however I don't recommend you that one since it's easily brute-forcable and certain sites got a database with millions of decrypted hashes.
In PHP you can convert a string to an unreadable string by doing something like:
When you're storing passwords, it's also important to add a "salt" to it. This makes it even harder for dictionary brute-force attacks to decrypt the hashes.PHP Code:
// MD5
echo md5("password");
// SHA1
echo sha1("password");
// SHA512, we use the PHP function "hash" for this.
echo hash("sha512", "password");
PHP Code:
$salt = "EOIRJTO23049";
echo sha1("password" . $salt);
It's a terrible thing, I think, in life to wait until you're ready.
I have this feeling now that actually no one is ever ready to do anything.
There is almost no such thing as ready. There is only now.
And you may as well do it now. Generally speaking, now is as good a time as any.
If you know the algorithm used for the encryption, i.e md5(md5($password . $salt)) (vB's one) it makes no difference whatsoever whether there is a salt or not, obviously if you have the password hash I am assuming you have access to the salt too. (SELECT salt from users WHERE user='$username').
Seeing that a BF attack works by using all possibilities within the parameters you give ie (max length: 6, alphanumeric no symbols, etc) so 6 max and alphanumeric would be 6 ^ 35 different possibilities. And what the bruteforce software or script will do is do a loop through all those possibilities.
In essence this is what it will do:
Didn't write this on an IDE so don't mind any syntax mistakesPHP Code:
$salt = "qiu31u2i3u123uijasdasd";
$hash = "c20ad4d76fe97759aa27a0c99bff6710";
$array_with_possibilities = array (); // just putting this here so it can be understood, lets imagine the array with all possiblities has already been created, eventhough creating such a big array is not a good idea in php
while(count($array_with_possibilities) > $counter){
$current_hash = md5(md5($array_with_possibilities[$counter] . $salt);
if($current_hash == $hash){
die("Password found: {$array_with_possibilities[$counter]}");
}
$counter ++;
}
As for MD5 being easier bruteforced than the others, not true, seeing you are not reverse engineering the algorithm itself but creating all possibilities until you hit the correct one, which can be done with any of the other algorithms you suggested.
I meant MD5 hashes are faster to brute force than SHA512 hashes.
Let's use this tool as example: http://www.insidepro.com/eng/egb.shtml
MD5: 420 million p/s
SHA-512: 12.5 million p/s
It also depends on the length of the string which you encrypted of course.
It's a terrible thing, I think, in life to wait until you're ready.
I have this feeling now that actually no one is ever ready to do anything.
There is almost no such thing as ready. There is only now.
And you may as well do it now. Generally speaking, now is as good a time as any.
Ok,I got you 2 Understanding but like for example
"string hash ( string $algo , string $data [, bool $raw_output = false ] )" iS that already a has value?
"Nine, "Ko-Kon" cried the mighty Kurama"
There are currently 1 users browsing this thread. (0 members and 1 guests)