This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Secure hash and salt for PHP passwords
I saw someone coding a password hash like this,
md5(uniqid(mt_rand('password', 15), true));
is that a secured way to do this? is that even worked out?
No it isn't a safe way. It is crackable and, in your example, it is not repeatable. You would have to store the random value long with the hash itself. If th DB is compromised, then it becomes extremely simple to bruteforce the hash.
You should know that MD5 and SHA1 are two of the weakest hashing algorithms, that are available in PHP.
Much better is to use crypt() function, with CRYPT_BLOWFISH or PBKDF2.
update
Also, as PeeHaa mentioned, it does not work. The mt_rand('password', 15) will cause Warning: mt_rand() expects parameter 1 to be long, string given on line X.
Not only is that not secure, it doesn't even work.
mt_rand takes 2 parameters, a min value and a max value.
mt_rand('password', 15)
This converts 'password' to an int (0), then returns a random number between 0 and 15.
uniqid(mt_rand('password', 15), true)
This then generates a unique ID, and prepends the random number from the previous step to it: calculating something like this:
144ffb22886d58e1.82100749
That string is then md5'd.
As you may be able to see, this code is 100% useless. The original password is converted to 0 and lost forever, so all you're doing is hashing random numbers, which is pointless. Now that you have your hash, there is no way to verify it again. Since the password is converted, whatever the user enters doesn't matter.
So, no, this code is not secure, do not use it.
Personally, I use the phpass library. It's secure, and simple to use.
To be honest I wouldn't even use md5 as a hashing algorithm for storing passwords. I would look into using something like bcrypt. Also I don't even get how your example would work, but in any case if you want to secure it then stay away from md5, sha1 at the minimum and learn from others mistakes and use a salt.
Related
This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 6 years ago.
I have a hashed MD5 password saved in a MySQL database. Is there anyway to find out how many characters were in the original password?
I don't think there is because from what I've read it's difficult to decrypt a hashed password anyway.
Anyway I can do this?
EDIT: Because of the serious amount of backlash!! I'm not interested in decrypting a hash, because I know thats not a great idea from what I've read.
The reason I ask is because.
I am migrating an old system including historic database to a new updated application. All users, many thousands have their password saved in the database MD5, but most with less than 8 characters, so I just wanted to know if there was a way to know if their original password was over 8 characters, then I can bcrypt it or force users to change their password.
But I'll have to force all users to change their passwords by the looks of it
From OP's comment:
i was just purely asking to save forcing all users to ti change their passwords if their password was below a certain character limit – frobak
The answer to this then is to use strlen():
http://php.net/manual/en/function.strlen.php
As for MD5, don't use it it's totally unsafe. A lot of water has gone under the bridge in over 30 years.
Use password_hash():
http://php.net/manual/en/function.password-hash.php
As for decrypting a hash; it can't be done/reversed; that's why it's called a hash and not encrypted.
There are what's called "Rainbow tables":
https://en.wikipedia.org/wiki/Rainbow_table
But I'll have to force all users to change their passwords by the looks of it
Consult the following: Converting md5 password hashes to PHP 5.5 password_hash()
That way you can "hit two posts with one stone".
However, MD5 is 32-length. You will need to increase that to 60+ in order to have the proper length when using password_hash() and as Jay Blanchard stated in his comment, otherwise that may fail "silently" later on when using password_verify().
Nope. You can generate random strings and hash those until you find a match and measure the length of that (this will take an extremely long time, and may actually be incorrect because of collisions, don't do it), but outside of that, it's impossible.
The answer is already given and is worth upvoting, nevertheless I would like to share another view on the problem.
Is it possible to find out the character length?
No actually there is no way to tell the number of characters in the original password from a MD5 hash.
Is it possible to find the passwords with less than 8 characters?
Unfortunately yes. Since cracker tools can brute-force about 20 Giga Md5 per second it is possible to test all 7 character password combinations (a-z A-Z 0-9) in only 3 minutes!
Please note that this is not what I recommend to do, since it would be illegal, it is just to show how unsafe such hashes are. Instead you can calculate a second hash from the stored MD5 hash, I described this in another answer.
So I know that MD5's are technically a no-no in new applications, but I randomly had a thought of this:
Since
md5($password);
is insecure, wouldn't
md5(md5($password))
be a better alternative?
would it keep getting more secure the more I use it? Say if I made a function like this
function ExtremeEncrypt($password)
{
$encryptedpass = md5(sha1(md5(md5($pass))));
return $encryptedpass;
}
Would this function be a good alternative to say using a random salt for every account like vbulletin does.
Double hashing a string does nothing except limit your key space and make collisions more likely. Please don't do this. Double md5 hashing is actually less secure than a single hash with some attack vectors.
A better option would be to use the password_hash function in php 5.5 or ircmaxell's password_compat library for earlier php versions.
First of: hash and encryption are not the same. Hash is a one-way function while encryption expects data could be decrypted.
You should not try to invent your own solution when it comes to security. In PHP, since 5.5 version, there is native solution called Password Hashing. md5() is insecure and you should be aware of that.
If you have PHP below 5.5 version, you should use salt to hash & store your passwords.
You have lots of answers here and they are accurate but they don't really explain why.
MD5 is a hashing algorithm. What a Hashing algorithm does, is take a long piece of data and analyse it cryptographically in a way that creates a smaller piece of data. So from ABCDEFGHIJKLMNOPQRSTUVWXYZ with my custom hash algorithm I might create a single digit hash 5.
When that is done, you lose information - ABCDEFGHIJKLMNOPQRSTUVWXYZ contains far more information than 5 and there is no way to make the translation the other way.
The problem with hashing in a way that only allows an outcome of 0-9 ( this is effectively a Checksum ) is that if you take two pieces of text, the chances are quite high that they will have the same hash. So maybe with my algorithm ZZZZZZZZZ will also produce a hash of 5. This is what is termed a Hash Collision.
Now what happens if I take the hash of my hash? Well, my starting point is already very low information - the most it can possibly be is one of ten digits, so the chance of a collision is now exceedingly high. Supposing when my hash algorithm runs on numbers it returns 1 if it is odd and 0 if it is even- so if I have a hash of ABCDEFGHIJKLMNOPQRSTUVWXYZ which comes to 5 then I have a 10% chance of a collision. But if I make a hash of that hash, I will now have a 50% chance of a collision.
The trick of cryptography is hiding information in such an enormous possible space that it is unbelievably hard to find. The more you shrink that possible space, the less well hidden your information is.
Short answer: No.
md5 is easy to break using brute-force. Adding additional layers of hashing only slows down a brute-force attack linearly.
First of all md5 isn't really encryption, because there isn't a decryption method to it. It's called hashing.
The standard practice is to salt your passwords:
$salt = [some random/unique number, people usually use user_id or timestamp]
$hashed_password = sha1($salt . $password)
Remember that you need to know the salt, hence usually it means storing it along with the hashed password.
You can have multiple salts, and arrange them however you like.
This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 10 years ago.
I have this hash generated with crypt function in php:
$1$jV3.NS/.$JLVMBWe0N/W0Rbft4NgPV.
I know $1$ is MD5's hash, jV3.NS/. is the salt and the other text is the encrypted string.
Is possible decrypt this hash if I know the salt?
No. That's the point of a cryptographic hash. It's easy to compute but computationally infeasible to invert.
No. That is the primary purpose for a hash. It is a one way mathematical operation.
A hash is a function designed to be easy to run forward, but exceedingly expensive/painful to reverse. Think of it like a sausage grinder. You can put practically anything you want in going forward but it's near impossible to turn the grinder backwards and get the original components back out
No, MD5 and other hashing functions are considered to be one way algorithms to prevent people from doing exactly what you're looking to do. However it IS possible to do a look-up against a library of precompiled words/passwords/etc. And find a match. (commonly called a rainbow table attack).
However the addition of a salt value means you will most likely have to brute force it, which will take a while. Though if you have the setup, there are some GPU accelerated programs that are REALLY fast.
This should get you started.
OphCrack: http://ophcrack.sourceforge.net/
This is the question: It`s possible to break a sha1(md5('password')) password ?
Or how it`s better md5 in sha1 or sha1 in md5 ?
Thanks!
multiple hashing doesnt further secure your password. just use a secure, salted hash.
check out http://php.net/hash
According to Wikipedia's MD5 article:
"The security of the MD5 hash function is severely compromised."
So adding MD5 to a SHA1 is not gonna make your thing more secure. I would even say that hashing an already hashed thing is not gonna make it more secure either.
A common mechanism that many people use for storing passwords is a salt encription over a hashed string.
Since no one answered the original question: Yes, it is possible.
As to the second question: md5(sha1('password')) will actually reduce security compared to just using sha1 because the hash size will be reduced. And the other way around doesn't help either.
Always use salting!
md5 will get you a 32 characters string.
sha1 will get you a 40 characters srings.
But, in both cases, those strings will only contain hexadecimal characters, which means only 16 possible values for each position : 0-9 and a-f
I don't think using md5+sha1 (no matter in which order you call those) is such a good idea : using only one of those on your password will probably be safer.
Just consider :
You can have, say, at least 8 characters in your password
Each of those 8 characters can be a letter (upper or lower case), a number, a special character ; which means at least something like 75 possibilities for each position
Don't you think that would make more possible combinations than 32 hexadecimal characters ?
Just use one hashing function, and salt your password.
Wrapping the hashing functions inside each other isn't going to make your hashes any more secure. A rainbow table could still be constructed to allow an attacker to read a large number of passwords in your database.
This is assuming of course that they have access to your code, but they probably do since by this stage they have access to your database.
Using two hashes does not make your algorithm safe; hashing once, using the best (with more bits) algorithm AND adding some salt does. For example:
sha1('This is some salt' . $string . 'othersalt')
This is much safer against rainbow tables. I mean: not completely safe, as the attacker could build a rainbow table, but it is safer because common rainbow tables won't work. Also notice that both algorithms have been cracked: I strongly suggest you to use SHA-2, e.g. sha-128 or sha-256. They still haven't been broken.
Last thing: always salt hashes against rainbow tables. Always use the best hashes: SHA-3 is coming, you may want to use it.
SQLite doesn't have MD5 built in, so I'm considering using the hash function instead. I don't know much about hashing, but I can see that hash() output is numerical and of varying length while MD5() returns mixed characteds/numbers of a fixed length.
I couldn't find anything on this on stackoverflow or google.
Can hash() with salt be used to safely store passwords?
EDIT: Super embarassing mistake, I actually ment hex(), not hash() - Sorry for the error
hex() is not a cryptographic function. All it does is return the hexadecimal value of the string you pass into it. This is not a secure way of storing passwords.
You want to create a hash value before storing the password in your SQLite database. Use the PHP hash() function as other answers have suggested.
You have this tagged as PHP as well, so why not use a PHP function to accomplish what you need? PHPass seems to be hot right now as people are moving away from sha1() and md5().
You can use hash to store passwords as long as you use seed, and use individual seed for every password. The hash function creates value which is unique for a unique string (you can hash other datatypes as well) so it is a good candidate for your task.
With the php hash function you can pass SHA256 to the first parameter and it will create a strong hash of the password + salt. There is no need for extra extensions, for a web application other than a high security system like a banking site, sha256 is fine. It may even be overkill.
hash('sha256',$salt . $password);
Should do the trick. Now you can save the data in a varchar column in your database since the hash function outputs a hex string. The hash function has variable output because it can use many different hashing algorithms. the hash function with sha256 as show above, will output 64 characters in a string. Putting the salt at the beginning is better than putting it at the end, as more randomness at the beginning of hashes is better than randomness at the end.
I couldn't find anything in the SQLite docs regarding a hash() function. You may be using SQLite with some basic third-party C/C++ plugins included, or you may be using the PHP hash() function (which allows you to specify the hashing algorithm to use).
Generally, a one-way hash is a good way to store passwords, and if it's the PHP hash, used with SHA256, I see no reason why it wouldn't work for you. Just be aware that some hashing functions have demonstrated flaws; MD5 can produce predictable and exploitable collisions, and SHA1 also has theoretical vulnerabilities. SHA2 algorithms including SHA256 are based on SHA1, but have not yet been shown to suffer the same weakness.
In any case, to help ensure a unique hash, use a hashing algorithm that produces a hash equal or larger than the message; it is trivial to prove that, given a finite set of hash values, there cannot be a unique hash value for each of the set of messages larger than the hash size.
Chances are you are using the PHP hash() function, which is more then functional. I would stay away from SHA1 and MD5, as they both have vulnerabilities or known reverse-lookup tables (IE, if someone got the hashed password, they could go to many sites available online and enter that in, and it will give them a password that will, when passed through MD5 or SHA1, give the same password.)
hash(256) or hash(512) are way more than what you could probably need, so those will probably be safe. Just remember to salt your passwords. You can never be too careful.