Re: reverse MD5 ???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It's simple. 
If your system supports it performance wise..... 
Grab the id and compare it against the md5 version of the id saved in the 
cookie.
if( $_COOKIE['id'])== md5($id))
{
 //.. then allow or let the user to do something
}
 that's if you have the id already known. otherwise if you donno the id you 
gotta grab all the ids and md5 them and then compare them against the one 
stored in the cookie; which I dont recommand and is realy a stupid thing to 
do.
 HTH

 On 4/21/05, trlists@xxxxxxxxxx <trlists@xxxxxxxxxx> wrote: 
> 
> On 21 Apr 2005 Jason Barnett wrote:
> 
> > Any information that you wouldn't want in the script in plain text, you
> > probably don't want in the database in clear text. Moreover MD5 is a
> > one way hash and although it is broken, you probably don't want to spend
> > the processing time needed to reverse it.
> 
> In the general case, no reasonable amount of processing time will
> reverse it since (AFAIK) you have to brute force test all possible
> values, though for very short text it can sometimes be done, and there
> are online databases out there.
> 
> For the OP, this is part of what it means to use a hash or digest (MD =
> "message digest") as opposed to an encrypted value. The conversion
> from the original text to the hash is one-way and as a general rule
> cannot be reversed except by trying every possibility for the original
> text, which becomes an astronomical task with even very small text
> lengths. For example, for text using a-Z, A-Z, and 0-9, there are 218
> trillion possible 8-character values (62 ^ 8) and 839 quadrillion
> possible 10-character values.
> 
> Imagine MD5 (this is a very crude analogy) as taking a letter, tearing
> it up into tiny pieces, rearranging them according to some complex
> predefined algorithm, then selecting a hundred or so pieces with
> individual letters on them and putting those together as a code, and
> burning the rest. There is no way you can reproduce the letter from
> the code, except in the limited case where the letter is very short and
> your code actually incorporates all the pieces.
> 
> I believe the places where MD5 can be broken by brute force are where
> common words or phrases are used -- then it is possible to create a
> database of possibilities and their MD5 hashes and the database lookup
> is then quite fast. For example this allows people who have the MD5
> hash of a password to break short, common words used as passwords very
> easily. But if the MD5 value is not there, you are still stuck. For
> the example above (10-character values using A-Z, a-z, and 0-9) if my
> calculations are correct it would take about 32 million gigabytes to
> store those 839 quadrillion values and their matching MD5 digests in a
> database, not counting indexing (which adds to this) nor compression
> and other optimization (which could reduce it).
> 
> I am not talking about general security here and saying it is OK to
> expose the MD5 values, just looking at the difficulty of reversing
> them.
> 
> --
> Tom
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
M.Saleh.E.G
97150-4779817

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux