943,910 Members | Top Members by Rank

Web Development > PHP > Best encyption methods?
Ad:
  • PHP Discussion Thread
  • Marked Solved
  • Views: 8372
  • PHP RSS
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Feb 25th, 2009
2

Best encyption methods?

Expand Post »
I have tried to research this and im always running into old articles.

What I have come across are (possibly more):
md5, sha1, hash, crypt and mcrypt

Now I have used md5/sha1 before and have 32/40 character long strings the others I dont know too much about but in short, what is the best encryption method? (I may have not even listed it)

Thanks, Regards X
Reputation Points: 31
Solved Threads: 10
Practically a Master Poster
OmniX is offline Offline
652 posts
since Dec 2007
Permalink
Feb 25th, 2009
4

Re: Best encyption methods?

I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database chrackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:
php Syntax (Toggle Plain Text)
  1. function truehash($hashzzz) {
  2. return hash('crc32b',hash('whirlpool',$hashzzz));
  3. }
The function above will be really hard to crack as it uses oppisite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but may make take a bit of cpu.
Any other comments?
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

I havent researched the hash method in depth but what I have understood is that:

hash('$hash_string', $variable);

$hash_string = "abc" or whateva string you wish to use as hash method
$variable = variable wanting to hash (aka password)

So in your example you have doubled hashed your password, once using a long string and then against a short string? correct?

Due to the mix of the long and short encryption you believe this is the best method of encryptions?

The above correct? Thanks
Reputation Points: 31
Solved Threads: 10
Practically a Master Poster
OmniX is offline Offline
652 posts
since Dec 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

Quote originally posted by OmniX ...
Due to the mix of the long and short encryption you believe this is the best method of encryptions?

The above correct? Thanks
Yes that is correct.
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

I forgot to ask, how many characters is the string produced?

Also am I correct in that I can use any string I wish to hash a password?

Thanks
Reputation Points: 31
Solved Threads: 10
Practically a Master Poster
OmniX is offline Offline
652 posts
since Dec 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

The returned hash of my truehash function is 8 characters long and yes any string or number can be hashed through this function.
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

I think I didnt ask my second question correctly.

The terms 'crc32b' and 'whirlpool' are just random variables selected or actual hash functions? could I have used 'apple123' and 'banana123' instead?
Reputation Points: 31
Solved Threads: 10
Practically a Master Poster
OmniX is offline Offline
652 posts
since Dec 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

Check this link.. http://www.hudzilla.org/phpbook/read.php/17_3_7
I also read here that md5 can generate collision (and is not safe anymore!). Someone also mentions (in the 2nd link) that whirlpool (as mentioned by cwarn23) is a good replacement! SHA1 isn't a safe encryption method too! Hmm.. I should stop using SHA1 !
Moderator
Featured Poster
Reputation Points: 524
Solved Threads: 356
Purple hazed!
nav33n is offline Offline
3,878 posts
since Nov 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

Click to Expand / Collapse  Quote originally posted by OmniX ...
I think I didnt ask my second question correctly.

The terms 'crc32b' and 'whirlpool' are just random variables selected or actual hash functions? could I have used 'apple123' and 'banana123' instead?
Well the terms 'crc32b' and 'whirlpool' are what tells the computer which type of hash to use, so no you can't change those unless you want to use a different type of hash. It is the second field contains the string to hash.
Sponsor
Featured Poster
Reputation Points: 410
Solved Threads: 258
Occupation: Genius
cwarn23 is offline Offline
3,004 posts
since Sep 2007
Permalink
Feb 25th, 2009
0

Re: Best encyption methods?

Click to Expand / Collapse  Quote originally posted by cwarn23 ...
I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database chrackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:
php Syntax (Toggle Plain Text)
  1. function truehash($hashzzz) {
  2. return hash('crc32b',hash('whirlpool',$hashzzz));
  3. }
The function above will be really hard to crack as it uses oppisite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but may make take a bit of cpu.
Any other comments?
Thats a very nice function. I wish I could give you more rep today
Moderator
Featured Poster
Reputation Points: 524
Solved Threads: 356
Purple hazed!
nav33n is offline Offline
3,878 posts
since Nov 2007

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: Access Control Limit Question
Next Thread in PHP Forum Timeline: Read and Write to text file





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC