What is MD5 ?
MD5 is a cryptographic hash function: it maps an input of any length to a fixed 128-bit digest (usually shown as 32 hexadecimal characters) from which the input cannot be recovered. In web applications the input has very often been a password, although MD5 was never designed for password storage.
What are the uses of MD5?
MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often publish a pre-computed MD5 checksum for each file, so that a user can compare it with the checksum of the downloaded copy. Unix-based operating systems ship MD5 sum utilities in their distribution packages, whereas Windows users have historically relied on third-party tools.

However, now that MD5 collisions are easy to generate, the person who created a file can produce a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. Also, in some cases the checksum itself cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 provides error-checking only: it will detect a corrupt or incomplete download, which becomes more likely with larger files.

In this tutorial, we will look at MD5 + salt hashing. Note that this is hashing, not encryption: there is no key and nothing to decrypt.
<?php
// The user's password (sample value)
$password = "example";
// A fixed, application-wide salt string
$salt = 's+(_a*';
// Concatenate password and salt, then take the MD5 digest (32 hex characters)
$salt_pass = md5($password.$salt);
?>
Here we take the user's password and a salt (an extra string), concatenate the two and hash the result. The salt changes the digest, so a precomputed table of plain md5(password) values no longer matches it. Two caveats: a single fixed salt shared by every user, as above, still yields identical digests for identical passwords, and MD5 is fast enough that salted digests remain cheap to brute-force once the salt is known. For password storage in current PHP, use password_hash() and password_verify() instead.
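The following is an added example, not code from the original tutorial. It shows what the snippet above produces for two users who picked the same password (the same digest, because the salt is fixed), then the same MD5 scheme with a per-user random salt stored beside the hash, and finally PHP's built-in password_hash()/password_verify(), which is what should be used for password storage. The user names and passwords are constructed sample data; it assumes PHP 7.0 or later for random_bytes() and scalar type declarations.

```php
<?php
// Added example (not from the original tutorial). Assumes PHP >= 7.0:
// random_bytes() needs 7.0, hash_equals() 5.6, password_hash() 5.5.

// 1. The tutorial's scheme: one fixed, application-wide salt.
function fixed_salt_md5(string $password, string $salt = 's+(_a*'): string {
    return md5($password . $salt);
}

// 2. Per-user random salt stored next to the digest (still MD5, still fast).
function random_salt_md5(string $password): array {
    $salt = bin2hex(random_bytes(16));          // 32 hex chars, unique per user
    return ['salt' => $salt, 'hash' => md5($password . $salt)];
}

function verify_random_salt_md5(string $password, array $record): bool {
    // hash_equals() is a constant-time comparison, so the check does not
    // leak how many leading characters of the digest matched.
    return hash_equals($record['hash'], md5($password . $record['salt']));
}

// 3. What to use instead: a slow, automatically salted password hash
//    (bcrypt with PASSWORD_DEFAULT on current PHP versions).
function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $password, string $stored): bool {
    return password_verify($password, $stored);
}

// Constructed sample data: two users who happen to choose the same password.
$users = ['alice' => 'example', 'bob' => 'example'];

echo "Fixed salt (tutorial scheme):\n";
foreach ($users as $name => $pw) {
    // Both lines print the same digest: the fixed salt hides nothing
    // about which users share a password.
    echo "  $name: " . fixed_salt_md5($pw) . "\n";
}

echo "Per-user random salt:\n";
$records = [];
foreach ($users as $name => $pw) {
    // Different salt per user, therefore different digests for the same password.
    $records[$name] = random_salt_md5($pw);
    echo "  $name: {$records[$name]['hash']} (salt {$records[$name]['salt']})\n";
}
var_dump(verify_random_salt_md5('example', $records['alice']));   // correct password
var_dump(verify_random_salt_md5('wrong',   $records['alice']));   // wrong password

echo "password_hash():\n";
$stored = store_password('example');
// The stored string encodes algorithm, cost and salt, e.g. a "$2y$10$..." bcrypt string.
echo "  alice: $stored\n";
var_dump(check_password('example', $stored));
var_dump(check_password('wrong',   $stored));
```

The per-user salt fixes the "same password, same digest" problem but not the speed problem: an attacker who obtains the table still tries candidates at full MD5 speed against each record. password_hash() addresses both, since bcrypt is deliberately slow and the cost factor can be raised as hardware improves.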
July 24, 2007, 5:43 am
Salting in that fashion really provides no extra protection, except against people who crack passwords using online crackers or rainbow tables. Any decent brute-forcing app will allow you to append/prepend a fixed string, so the passwords will still get cracked in no time (there are some very fast MD5 recovery tools written in x86 assembly that are excellent at this, significantly faster than the most efficient C/C++ ones).
A much better way to salt is:
md5($salt.md5($password))
as most highly optimized applications will not like having to md5, prepend a string, and then md5 again.
No matter how hard you try though, you can always write a password cracker in PHP to defeat the salting. PHP-based crackers can still pull acceptable cracking rates, nothing amazing however.
Of course, to crack it you must know the salt, but if you code your app correctly you should never even see the hashed password without having DB access.
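As an added example, not part of the original post or the comment above, here is a minimal dictionary attack against both salting schemes discussed on this page, with the salt known to the attacker (as it is to anyone who can read the application source). It shows that a fixed salt, in either position and with or without the inner md5(), only changes how each guess is computed, not whether the password is recovered, and it measures the guess rate a plain PHP loop achieves. The wordlist and target password are constructed sample data; it assumes PHP 7.4 or later for arrow functions.

```php
<?php
// Added example (not from the original page). Assumes PHP >= 7.4.
// Salt and wordlist are constructed sample data.
$salt = 's+(_a*';
$wordlist = ['password', '123456', 'letmein', 'example', 'qwerty'];

// Scheme from the tutorial: md5($password . $salt)
$scheme_a = fn(string $w): string => md5($w . $salt);
// Scheme proposed in the comment: md5($salt . md5($password))
$scheme_b = fn(string $w): string => md5($salt . md5($w));

// Digests an attacker might have pulled from the database (password "example").
$target_a = $scheme_a('example');
$target_b = $scheme_b('example');

// Try every word in the list under the given scheme; return the match or null.
function crack(string $target, array $wordlist, callable $scheme): ?string {
    foreach ($wordlist as $word) {
        if (hash_equals($target, $scheme($word))) {
            return $word;
        }
    }
    return null;
}

$found_a = crack($target_a, $wordlist, $scheme_a);
$found_b = crack($target_b, $wordlist, $scheme_b);
printf("scheme A recovered: %s\n", $found_a ?? 'none');
printf("scheme B recovered: %s\n", $found_b ?? 'none');

// Rough throughput of each scheme in plain PHP: scheme B costs one extra
// md5() per guess, so it runs at about half the rate of scheme A. Neither
// is anywhere near the per-guess cost of a deliberately slow hash like bcrypt.
$n = 200000;
foreach (['A' => $scheme_a, 'B' => $scheme_b] as $label => $scheme) {
    $start = microtime(true);
    for ($i = 0; $i < $n; $i++) {
        $scheme("candidate$i");
    }
    $elapsed = microtime(true) - $start;
    printf("scheme %s: ~%.0f guesses/s in plain PHP\n", $label, $n / $elapsed);
}
```

Because the salt is a constant in the source, it is part of the attacker's input, not a secret; the only thing either scheme changes is the per-guess work, and an extra MD5 call is far too little to matter against a wordlist or a GPU cracker.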