Since MD5 was "cracked" thanks to rainbow tables, encryption techniques are changing. Between different programmers, everyone has their own style of new encryption. What are some of your favorite encryption techniques?
There are new SHA techniques creeping in, so I hear from Chris: sha259 or something like that. I believe Peter has the class for this?
So do you believe that security in PHP is slipping? Or is this just a chance for us to develop our own security techniques?
sha256. And I said I know Peter uses it sometimes. And security isn't slipping; holes that were there are just being found. It's kinda like Windows XP. It isn't any more insecure (well, shouldn't be), it's just that new holes are being found daily. New security methods are being created daily, it seems, though.
Last Edit: Jan 20, 2007 17:06:13 GMT by Chris
I use the following: sha1( md5( "code" ) ) ..
> I use the following: sha1( md5( "code" ) ) ..
> You should salt it as well.
???What is that.. lol
> You should salt it as well.
> ???What is that.. lol
Click the link. It's basically where you take random letters/numbers and add it to the beginning and/or end of a string that you plan on hashing, so that it's longer. It just makes it harder to crack.
Support Rob Scuderi, the #1 Penguins Defender!
"Behold: me! I have authority in this building."
I always forget to add a salt.
I still don't understand it, lol.
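Ok, let's say someone enters the password 123456, and you plan on using SHA1 to encrypt it, then store it in a cookie. You would do something like this:

    $pw = '123456';                // password the user entered
    $salt = 'dmj' . $pw . '9dl';   // fixed strings added before and after the password
    $hash = sha1($salt);           // SHA-1 of the salted string
    setcookie('password', $hash);  // store the hash in a cookie
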
It just increases the length of the hashed string, thus making it harder to crack with a rainbow table, or something like that.
Last Edit: Feb 5, 2007 14:50:06 GMT by Mithras
But by using a salt you must somehow store the salt where it won't be lost; otherwise, if it's used for logging in somewhere, the salt must be checked against the password. The salt I tend to use a lot is a mix of a reversed SHA1 encryption of the date and time the user registered. This is something I just whipped up fast; I don't know if it would work or not, as I haven't tested it.

    <?php
    class user_enc {
        function reg_encrypt($str) {
            // Set vars
            $d = gmdate('dmygia');   # Date and time (GMT) at the moment of the call
            $hash = sha1(md5($d));   # Double encryption
            $rev = strrev($hash);    # Reversed (computed but not used below)
            $salt1 = md5($hash);     # Encrypt the hash
            $salt2 = md5(sha1(md5(strrev($str))));  # Hash chain over the reversed input string
            $pass = $salt1 . '-' . $salt2;
            return $pass;
        }
    }
    ?>
Last Edit: Feb 6, 2007 17:24:56 GMT by Llanilek
You'd need to pass the date they registered to the function somehow, Yami.
Obviously lol.... Like I said, that was just the base.... And then you'd have to store that salt data against the password in the database to verify the login ..
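
The point the last posts arrive at, that the salt has to be stored next to the hash so a login can be checked, shown as an added example that is not code from any poster in this thread. It goes beyond the thread's fixed-string salt by using a random per-user salt and PBKDF2; the function names, the record layout and the iteration count are assumptions.

```php
<?php
// Added example, not from the thread. Function names, the record layout and
// the iteration count are assumptions made for illustration.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune to your hardware

// Registration: draw a fresh random salt for this user and return everything
// the login check will need, ready to be stored in the user's database row.
function register_password(string $password): array
{
    $salt = random_bytes(16);
    $hash = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 0, true);
    return [
        'salt'       => bin2hex($salt),
        'hash'       => bin2hex($hash),
        'iterations' => PBKDF2_ITERATIONS,
    ];
}

// Login: recompute the hash with the stored salt and compare in constant time.
function verify_password(string $password, array $row): bool
{
    $candidate = hash_pbkdf2('sha256', $password, hex2bin($row['salt']),
                             $row['iterations'], 0, true);
    return hash_equals(hex2bin($row['hash']), $candidate);
}

// Constructed sample: two users register with the same password.
$alice = register_password('123456');
$bob   = register_password('123456');

// Unsalted SHA-1 gives equal passwords equal digests, which is what a
// precomputed (rainbow) table relies on. Per-user salts break that equality.
echo 'unsalted digests equal: ', var_export(sha1('123456') === sha1('123456'), true), "\n";
echo 'salted hashes equal:    ', var_export($alice['hash'] === $bob['hash'], true), "\n";
echo 'correct password:       ', var_export(verify_password('123456', $alice), true), "\n";
echo 'wrong password:         ', var_export(verify_password('654321', $alice), true), "\n";

// PHP's built-in password_hash() packs algorithm, cost and salt into one
// string, so a single column holds everything password_verify() needs.
$stored = password_hash('123456', PASSWORD_DEFAULT);
echo 'password_verify:        ', var_export(password_verify('123456', $stored), true), "\n";
```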