Wrox Programmer Forums
PHP How-To Post your "How do I do this with PHP?" questions here.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the PHP How-To section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
Old December 30th, 2005, 10:25 PM
Authorized User
Join Date: Oct 2003
Posts: 23
Thanks: 0
Thanked 0 Times in 0 Posts
Default md5() safe???


<..start of cold sweat..>

I came across a frightening url the other day that if you paste your md5() hash into it, it will print out your original password, I thought md5() was un-reversible? I use md5 for storing general passwords in the database for logging in and such things but thought that you could only compare the hash and not get the originating text?

One plus point that I found is that it if use a concatenation ie

$hash = md5($var1.$var2);

..and then get the hash and paste it into the site it doesn't get the two, but if you use just plain text it will find it every time.

The site in question is http://md5.rednoize.com/

and I found it in a new PHP security book by O'Reilly (sorry Wrox), but wondered if I am missing something here as I thought that I read that md5() had 360 million combinations or something?

Would like your feedback on this?

</..end of cold sweat..>


Follow up............found that it doesn't break them all just the simple words that you use. If you copy a decent password (hashed) into it with 7+ characters and the usual alpha-numeric patterns then it doesn't get them, so I guess that if you use good practice with your passwords then you should be OK, but still found it alarming as thought md5() was bullet-proof!

Similar Threads
Thread Thread Starter Forum Replies Last Post
md5 code !!!!! angelboy C# 2005 1 March 7th, 2007 03:25 AM
md5() in php pritz PHP How-To 1 May 17th, 2006 05:38 PM
Md5 encryption rahuljain_w .NET Web Services 2 September 30th, 2005 05:03 AM
MD5() and encryption spraveens Pro PHP 2 May 20th, 2004 05:06 AM
md5() question abollino BOOK: Beginning PHP4/PHP 5 ISBN: 978-0-7645-4364-7; v5 ISBN: 978-0-7645-5783-5 2 December 3rd, 2003 02:10 PM

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.