DaniWeb Forum Index > Web Development > PHP

Best encyption methods?

Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases

Last »

•

Join Date: Dec 2007

Posts: 608

Reputation: OmniX is an unknown quantity at this point

Solved Threads: 8

OmniX

Offline

Practically a Master Poster

Re: Best encyption methods?

#11

Feb 25th, 2009

nav33n my man! How you been!?!?!

Can we download the md5 anti hash method, so we can test our own web applciations?

Also how I assume to use the hash method is correct?

Thanks, REgards X

"You never stop learning." - OmniX

•

Join Date: Nov 2007

Posts: 3,739

Reputation: nav33n is a jewel in the rough

Solved Threads: 330

nav33n

Offline

Senior Poster

Re: Best encyption methods?

#12

Feb 25th, 2009

I am good OmniX! How are you ?

I don't think there is any decrypting script/function which you can download. They have mentioned how there can be a collision between 2 different strings giving out the same hash ! I tried to read some more about the same, but, everything is going right over my head

http://www.mscs.dal.ca/~selinger/md5collision/
http://www.unixwiz.net/techtips/igui...to-hashes.html

Thank you for creating this thread.. I can spend the rest of the evening reading these links

Ignorance is definitely not bliss!

*PM asking for help will be ignored*

•

Join Date: Dec 2007

Posts: 608

Reputation: OmniX is an unknown quantity at this point

Solved Threads: 8

OmniX

Offline

Practically a Master Poster

Re: Best encyption methods?

#13

Feb 25th, 2009

I have had no internet for months!

I have alot of catching up to do so join me :p

Ill do some more research and wait for a few more additional comments and come up with something.

But am I assuming how the hash method works, is correct?
(use any string to encrypt a variable to produce a unique 8 character string?)

"You never stop learning." - OmniX

•

Join Date: Sep 2007

Posts: 1,440

Reputation: cwarn23 has a spectacular aura about

Solved Threads: 135

cwarn23

Offline

Nearly a Posting Virtuoso

Re: Best encyption methods?

#14

Feb 25th, 2009

•

Originally Posted by nav33n

I don't think there is any decrypting script/function which you can download. They have mentioned how there can be a collision between 2 different strings giving out the same hash ! I tried to read some more about the same, but, everything is going right over my head

Although there may be no dehasher on the market that doesn't stop you from making one. But it does require about 2 petabytes of hardrive space (2048TB or 2097152GB). I have created a dehasher that simply records every key combination and its hash into a mysql database then when dehashing, just simply do a reverse lookup by searching for the recorded hash and original word when the entry was generated. Just let me know if you would like the script.

Try not to bump 10 year old threads as it can be really annoying.
Like php then read my website at http://syntax.cwarn23.net/
Star-Trek-Atlantis - now that's what I call a movie ^_^
My favourite PC. - MacGyver Fan
Bad english note: dis-iz-2b4u

•

Join Date: Nov 2007

Posts: 3,739

Reputation: nav33n is a jewel in the rough

Solved Threads: 330

nav33n

Offline

Senior Poster

Re: Best encyption methods?

#15

Feb 25th, 2009

•

But am I assuming how the hash method works, is correct?
(use any string to encrypt a variable to produce a unique 8 character string?)

Yep. Thats correct. In this case, the algorithm convert it to 8 character string.

Ignorance is definitely not bliss!

*PM asking for help will be ignored*

•

Join Date: Nov 2007

Posts: 3,739

Reputation: nav33n is a jewel in the rough

Solved Threads: 330

nav33n

Offline

Senior Poster

Re: Best encyption methods?

#16

Feb 25th, 2009

•

Originally Posted by cwarn23

Although there may be no dehasher on the market that doesn't stop you from making one. But it does require about 2 petabytes of hardrive space (2048TB or 2097152GB). I have created a dehasher that simply records every key combination and its hash into a mysql database then when dehashing, just simply do a reverse lookup by searching for the recorded hash and original word when the entry was generated. Just let me know if you would like the script.

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

Ignorance is definitely not bliss!

*PM asking for help will be ignored*

•

Join Date: Sep 2007

Posts: 1,440

Reputation: cwarn23 has a spectacular aura about

Solved Threads: 135

cwarn23

Offline

Nearly a Posting Virtuoso

Re: Best encyption methods?

#17

Feb 25th, 2009

•

Originally Posted by nav33n

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

It is php and to dehash sha1 you can simply use the following scripts (page titles are on second line of each code box):

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?
//db.php
//configure below mysql variables
$dbhost='localhost';
$accountname='root';
$password='';
$database='my database';
?>
<?
//db.php
//configure below mysql variables
$dbhost='localhost';
$accountname='root';
$password='';
$database='my database';
?>

Above box will configure the database. The database needs a table with the name 'dehasher' and two columns each named 'word' and 'hash'. Also the above must be named db.php
Below is the search page (index.php)

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?
//index.php
if (isset($_GET['hash']))
	{
	set_time_limit(0);
	ini_set('memory_limit','512M');
	ini_set('mysql.cache_size','1073741824');
	include('db.php');
	mysql_connect($dbhost,$accountname,$password)
	or die("Could not connect to MySQL server");
	mysql_select_db($database) or die(mysql_error()."Could not select database");
	$rowid=0;
	$sqlresult=mysql_query("SELECT * FROM `dehasher`");
	while ($row = mysql_fetch_array($sqlresult))
		{
		if ($_GET['hash']==$row['hash'])
			{
			$word=$row['word'];
			$dehashed=1;
			break;
			}
		}
	mysql_free_result($sqlresult);
	unset($row);
	}
echo "Enter in the details below and click the dehash button to dehash the code.<br>
<b>Please note it may take a few minutes to dehash due to the size of the database</b><br>
<table border=1 cellpadding=5 cellspacing=0 bgcolor=#FFCCCC><tr><td>
<form style='padding:0; margin:0;'>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=#FFCCCC><tr><td>
Insert hash below</td><td>Hash type</td></tr><tr><td valign=top>
<input type='text' name='hash' size=50> </td><td align=left><input type='submit' value='dehash'>
</td></tr></table>
</form></td></tr></table>";
if (!isset($dehashed)) { $dehashed=0; }
if ($dehashed==1)
    {
    echo "<p>.<p><font size=3>The hash was decrypted successfully.<br>Below are the details:<br>
    <table border=1 cellpadding=0 cellspacing=0><tr><td>
    <table border=0 cellpadding=4 cellspacing=0><tr>
    <td bgcolor=#EEBBBB><font face='arial'><b>Word</b></font></td><td bgcolor=#FFCCCC>".$word."</td></tr><tr>
    <td bgcolor=#D8CCCC><font face='arial'><b>Hash</b></font></td><td bgcolor=#E9DDDD>".$_GET['hash']."</td></tr></table>
    </td></tr></table>";
    } else if (isset($_GET['hash'])) {
    echo "<b>Your hash could not be decrypted.</b>";
    }
?>
<?
//index.php
if (isset($_GET['hash']))
	{
	set_time_limit(0);
	ini_set('memory_limit','512M');
	ini_set('mysql.cache_size','1073741824');
	include('db.php');
	mysql_connect($dbhost,$accountname,$password)
	or die("Could not connect to MySQL server");
	mysql_select_db($database) or die(mysql_error()."Could not select database");
	$rowid=0;
	$sqlresult=mysql_query("SELECT * FROM `dehasher`");
	while ($row = mysql_fetch_array($sqlresult))
		{
		if ($_GET['hash']==$row['hash'])
			{
			$word=$row['word'];
			$dehashed=1;
			break;
			}
		}
	mysql_free_result($sqlresult);
	unset($row);
	}
echo "Enter in the details below and click the dehash button to dehash the code.<br>
<b>Please note it may take a few minutes to dehash due to the size of the database</b><br>
<table border=1 cellpadding=5 cellspacing=0 bgcolor=#FFCCCC><tr><td>
<form style='padding:0; margin:0;'>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=#FFCCCC><tr><td>
Insert hash below</td><td>Hash type</td></tr><tr><td valign=top>
<input type='text' name='hash' size=50> </td><td align=left><input type='submit' value='dehash'>
</td></tr></table>
</form></td></tr></table>";
if (!isset($dehashed)) { $dehashed=0; }
if ($dehashed==1)
    {
    echo "<p>.<p><font size=3>The hash was decrypted successfully.<br>Below are the details:<br>
    <table border=1 cellpadding=0 cellspacing=0><tr><td>
    <table border=0 cellpadding=4 cellspacing=0><tr>
    <td bgcolor=#EEBBBB><font face='arial'><b>Word</b></font></td><td bgcolor=#FFCCCC>".$word."</td></tr><tr>
    <td bgcolor=#D8CCCC><font face='arial'><b>Hash</b></font></td><td bgcolor=#E9DDDD>".$_GET['hash']."</td></tr></table>
    </td></tr></table>";
    } else if (isset($_GET['hash'])) {
    echo "<b>Your hash could not be decrypted.</b>";
    }
?>

And below is the database generator:

 Help with Code Tags 
 php Syntax (Toggle Plain Text) 
<?
//generator.php
set_time_limit(0);
ini_set('memory_limit','2147483648M');
ini_set('mysql.cache_size','1073741824');
include('db.php');
mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
mysql_select_db($database) or die(mysql_error()."Could not select database");
$rownum=0;
//echo - text debugger for IE.
echo "<img src=0.gif width=1 height=1 alt='                                                       ".
"                                                                                             '><br>";
$list=" ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890`~!@#$%^&*()-_=+\|[{]};:\"',<.>/?abcdefghijklmnopqrstuvwxyz.,";
$loops=38430716820228233;
$chars=30;
$allwords=array();
$sqlresult=mysql_query("SELECT `word` FROM `dehasher`");
while ($row = mysql_fetch_array($sqlresult))
        {
        $allwords[]=$row['word'];
        }
mysql_free_result($sqlresult);
unset($row);
unset($sqlresult);
while (count($allwords)<$loops)
	{
	$escapecharplus=0;
	$repeat=mt_rand(1,$chars);
	while ($escapecharplus<$repeat)
		{
		$randomword.=$list[mt_rand(1, strlen($list)-1)];
		$escapecharplus+=1;
		}
	if (!in_array($randomword,$allwords))
		{
		$allwords[]=$randomword;
		$rowid+=1;
		mysql_query("INSERT INTO `dehasher` SET `word`='".mysql_real_escape_string($randomword).
                "', `hash`='".mysql_real_escape_string(hash('sha1', $randomword))."'");
		echo mysql_error();
		$rownum+=1;
		echo "<xmp>".$randomword."\n</xmp>";
                flush();
		unset($randomword);
                if (mt_rand(1,32)==2)
                        {
                        mysql_query("DELETE FROM `dehasher` WHERE `word`=''; DELETE FROM `dehasher` WHERE `hash`=''");
                        }
                usleep(50000); // lower cpu
                }
        }
?>
<?
//generator.php
set_time_limit(0);
ini_set('memory_limit','2147483648M');
ini_set('mysql.cache_size','1073741824');
include('db.php');
mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
mysql_select_db($database) or die(mysql_error()."Could not select database");
$rownum=0;
//echo - text debugger for IE.
echo "<img src=0.gif width=1 height=1 alt='                                                       ".
"                                                                                             '><br>";
$list=" ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890`~!@#$%^&*()-_=+\|[{]};:\"',<.>/?abcdefghijklmnopqrstuvwxyz.,";
$loops=38430716820228233;
$chars=30;
$allwords=array();
$sqlresult=mysql_query("SELECT `word` FROM `dehasher`");
while ($row = mysql_fetch_array($sqlresult))
        {
        $allwords[]=$row['word'];
        }
mysql_free_result($sqlresult);
unset($row);
unset($sqlresult);
while (count($allwords)<$loops)
	{
	$escapecharplus=0;
	$repeat=mt_rand(1,$chars);
	while ($escapecharplus<$repeat)
		{
		$randomword.=$list[mt_rand(1, strlen($list)-1)];
		$escapecharplus+=1;
		}
	if (!in_array($randomword,$allwords))
		{
		$allwords[]=$randomword;
		$rowid+=1;
		mysql_query("INSERT INTO `dehasher` SET `word`='".mysql_real_escape_string($randomword).
                "', `hash`='".mysql_real_escape_string(hash('sha1', $randomword))."'");
		echo mysql_error();
		$rownum+=1;
		echo "<xmp>".$randomword."\n</xmp>";
                flush();
		unset($randomword);
                if (mt_rand(1,32)==2)
                        {
                        mysql_query("DELETE FROM `dehasher` WHERE `word`=''; DELETE FROM `dehasher` WHERE `hash`=''");
                        }
                usleep(50000); // lower cpu
                }
        }
?>

But as you can see, if you used a whirlpool hash it would take 4 times the amount of hardrive space than the average size hash assuming the average size hash is 32 characters. But have fun dehashing if you have plenty of harddrive space.

•

Join Date: Nov 2007

Posts: 3,739

Reputation: nav33n is a jewel in the rough

Solved Threads: 330

nav33n

Offline

Senior Poster

Re: Best encyption methods?

#18

Feb 25th, 2009

Hmm.. one question though.. The table will store random strings and their hashes.. I guess it would be more efficient if a dictionary (like the ones used in Brute force) with all the commonly used words are also stored..

Ignorance is definitely not bliss!

*PM asking for help will be ignored*

•

Join Date: Dec 2007

Posts: 608

Reputation: OmniX is an unknown quantity at this point

Solved Threads: 8

OmniX

Offline

Practically a Master Poster

Re: Best encyption methods?

#19

Feb 25th, 2009

So if your double hasing a password as such, why not just make it even harder and make it a triple hasher with 3 unique words like banana, apple and pear? and if not even harder with apricot, peach, grape and just make a like 10 x hash encrypter?

Im just trying to understand the functioning of the hash encrypter before I start on my encrypting!

Thanks, Regards X

"You never stop learning." - OmniX