I've seen md5() suggested a lot when it comes to password encryption, but
I'm wondering what the advantage is over using crypt(). Or is it just
personal preference?
- Ryan 8 15202
"Ryan Lange" <cl*********@co mcast.net> wrote
in message <op************ **@www.cl1mh422 4rd.com>: I've seen md5() suggested a lot when it comes to password encryption,
No, you didn't. MD5 is not an encryption algorithm, it is a
hashing algorithm. Data processed by MD5 cannot be "decrypted" ,
unless some brute force approach is used.
Cheers,
NC
Ryan Lange wrote: I've seen md5() suggested a lot when it comes to password encryption, but I'm wondering what the advantage is over using crypt(). Or is it just personal preference?
As Nikolai says, md5 isn't a crypt but a hash algorythm.
crypt() works in the same way as md5(), one way algorythms (hash), while md5()
does only support md5-algorythm crypt() does support DES, MD5 and Blowfish (of
course depending on the system PHP is built on).
The disadvantige to use crypt(), is that the system you are developint the PHP
scripts on my support DES while the machine which you later on run the scripts
on may not support DES and then your scripts won't work properly. Otherwise
the two functions are quite the same.
//Aho
I answer this on comp.lang.php only.
On 2004-05-31, Ryan Lange <cl*********@co mcast.net> wrote: I've seen md5() suggested a lot when it comes to password encryption, but I'm wondering what the advantage is over using crypt(). Or is it just personal preference?
md5() could encrypt password of an finite length, crypt() only up to 8 chars if
I remember correctly.
Bye,
phil
--
Please send replys (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
On 31 May 2004 02:04:38 -0700, Nikolai Chuvakhin <nc@iname.com > wrote: No, you didn't. MD5 is not an encryption algorithm, it is a hashing algorithm.
Damnit. You know what I mean... :P
- Ryan
I answer this on comp.lang.php only.
On 2004-05-31, Ryan Lange <cl*********@co mcast.net> wrote: I've seen md5() suggested a lot when it comes to password encryption, but I'm wondering what the advantage is over using crypt(). Or is it just personal preference?
md5() could hash passwords of an finite length, crypt() only up to 8 chars if
I remember correctly.
Bye,
phil
--
Please send replys (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
"Ryan Lange" <cl*********@co mcast.net> wrote
in message news:<op******* *******@www.cl1 mh4224rd.com>.. . On 31 May 2004 02:04:38 -0700, Nikolai Chuvakhin <nc@iname.com > wrote:
MD5 is not an encryption algorithm, it is a hashing algorithm.
Damnit. You know what I mean... :P
Then you know the answer to your question, too; storing passwords
as MD5 hashes ensures that if they are stolen by individuals who
have acess to password storage, be they hackers or rogue system
administrators, those individuals cannot use them. Compare with
encryption, where rogue sysadmins can run unchecked...
Cheers,
NC
On 2004-06-01, Nikolai Chuvakhin <nc@iname.com > wrote: Then you know the answer to your question, too; storing passwords as MD5 hashes ensures that if they are stolen by individuals who have acess to password storage, be they hackers or rogue system administrators, those individuals cannot use them.
But they could still crack them. The advantage of crypt() is then
that the password could be longer than passwords crypted with the
standard DES algorithm in UNIX password files.
crypt() is quite easy to crack, especially when the same salts
are used everywhere. Just a matter of time and the power of the
machine the attacker uses.
Bye,
phil
--
Please send replies (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de
On 2004-06-01, Nikolai Chuvakhin <nc@iname.com > wrote: Then you know the answer to your question, too; storing passwords as MD5 hashes ensures that if they are stolen by individuals who have acess to password storage, be they hackers or rogue system administrators, those individuals cannot use them.
But they could still crack them. The advantage of crypt() is then
that the password could be longer than passwords crypted with the
standard DES algorithm in UNIX password files.
crypt() is quite easy to crack, especially when the same salts
are used everywhere. Just a matter of time and the power of the
machine the attacker uses.
Bye,
phil
--
Please send replies (not followups) to the address set in Reply-To.
Philipp Kern - PK2186-RIPE - http://www.philkern.de This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Ronald Evers |
last post by:
Hey all,
I want to store passwords in a postgresql database. Currently I use the
MD5Password class below and I've been developing on windows. I ran into
problems when running my application on linux.
Linux and Windows, with same JDK's (1.5.0), create different encrypted
password strings. So when testing a password created on one platform...
|
by: aars |
last post by:
Hello all,
I am creating a user administration system where system administrator
can activate services for a user, like webspace, a mail account or a
subdomain.
I now want to create a function that creates mysql databases and grant
the right privileges to a user. But the problem is that mysql wants to
have the plaintext password for the...
|
by: Fabio DONNA |
last post by:
Hello,
I'd like to store in an MS Access table some password, stored with MD5
method.
Do you know about MS Access free libraries-modules to MD crypt strings?
They must be free because DB will be distributed as freeware.
Thanks in advance
Ciao
|
by: Alexander Wehrli |
last post by:
Hi all,
Ok what I do is an application that starts Remote Desktop Connection
automatically. I do this by generating a temporary .rdp file this looks like
this:
----------------------------------------------------------------------------------------------
screen mode id:i:1
desktopwidth:i:1280
desktopheight:i:1024
|
by: Bart Schelkens |
last post by:
Hi,
I'm using an Access-database to store my data.
I'm going to encrypt the user's password using MD5.
This will give me a password as a binary of 16 long.
Does anyone know what type I need to give to my column in my
Access-database?
I can seem to find the binary-type.
| |
by: PJones |
last post by:
I am looking for the best way to one way encrypt a password for storage in a
database using (asp.net / vb.net)
basically I need some functions or examples that I can freely use in a
commercial project
anyone got any good functions or links I can look at ?
I was looking at MD5 hash .. the examples I saw confused me as I didn't see
a key...
|
by: Earl |
last post by:
I'm adding password encryption to the Employees form. I have a
strongly-typed dataset being used as the datasource for the
EmployeesBindingSource, and the Employees table set as the datamember. All
controls on the form are bound to the EmployeesBindingSource. Except for the
password ...
I set up separate handlers for the Password and bind...
|
by: lisles |
last post by:
hey,i have a login form wherein the take the username and password from the user and submit the form.im using burpsuite t check 4 threats.when i click on the submit button the password is visible.is it possible to encrypt the password as soon as enter it instead of passing it on clickin the submit button.here is my code:
<?php ...
|
by: krndhi1983 |
last post by:
In linux i am trying get grub password using /sbin/grub-md5-crypt.I got the
encrypted format. But I need to write the Encrypted string into a file.
How can I import the encryted string into a new file.Pls reply if u...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |