Crack the SG1 Hash!
» >
» Goto page Previous  1, 2
» View previous topic :: View next topic  
swivelgames wrote:
Kllrnohj wrote:
I ask again, what are you using a hash for anyway?


I answer again...
swivelgames wrote:
I want to make a good enough hash program that maybe I can use it for L{CMS} now that PHP took out the hash() function from PHP. Now of course, we can always get an add-on to PHP to put it back into versions after PHP 5+ but I'de rather code it for all versions of PHP.
I was using SHA512, but now that they took out the hash() function, I want to change to something else because I want it to be compatible with all versions of PHP. I'm extremely annoyed that they took it out, but I guess I'll have to deal with it...


Hey sherlock, that didn't answer my question, hence why I asked it again. What purpose does a CMS have with a hashing function?
There are only two kinds of programming languages: those people always bitch about and those nobody uses. (Bjarne Stroustrup)
He's using it for passwords...



Signature Image Removed for Anti-Kermetic Imagery
I guess one thing you can do is to use the md5() function instead of the hash() one.
I am the eye of the river
>(<')


@rivereye: Read the whole topic before you reply. Thanks Smile

@Kllr:
alex10819 wrote:
He's using it for passwords...
Its a Content Management System, its going to use some kind of auth. I can't think of any other reason to use a hash in a cms off the top of my head. Wink
swivelgames wrote:
Its a Content Management System, its going to use some kind of auth. I can't think of any other reason to use a hash in a cms off the top of my head. Wink


And the MySQL Password() function fails in this regard why...?
There are only two kinds of programming languages: those people always bitch about and those nobody uses. (Bjarne Stroustrup)
I personally have never used it, and therefore not sure how well it would work in keep the passwords safe. This is one of the reasons I started this topic, for suggestions on what hashes are best to use with passwords. I kind of hinted that before, but it was firstly more of a topic to see who could crack my hashes(I enjoyed making them, and wanted to see how well they held up ^^,). No need to snap back, just trying to get my feel for new hash algorithms Wink

So anyway, the MySQL password() function, how well does it work? It always seemed to me like it was "too easy", I guess you could say.
swivelgames wrote:
I personally have never used it, and therefore not sure how well it would work in keep the passwords safe. This is one of the reasons I started this topic, for suggestions on what hashes are best to use with passwords. I kind of hinted that before, but it was firstly more of a topic to see who could crack my hashes(I enjoyed making them, and wanted to see how well they held up ^^,). No need to snap back, just trying to get my feel for new hash algorithms Wink

So anyway, the MySQL password() function, how well does it work? It always seemed to me like it was "too easy", I guess you could say.


It creates a hash Razz http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html

You don't really need to worry about how crackable the hashes are, as the passwords will be stored on a password-protected MySQL server - ideally that server will be on localhost and will be set up to only allow connections from localhost. Then you just need to make sure you don't have any possible SQL injections (easy if you execute your SQL queries correctly - there are functions built into PHP to sanitize your inputs) and it will be "impossible" to find a hash collision as they don't have (and can't get) the hash. So MD5 will still be perfectly acceptable if for whatever reason you don't want to use the MySQL Password() function (this is, after all, what it was designed and built to do...)
There are only two kinds of programming languages: those people always bitch about and those nobody uses. (Bjarne Stroustrup)
The Tari wrote:
As far as I know, there isn't any. Basically, the OS signature is a Rabin-encypted MD5 hash. The keys are each 512 bits.


There are plenty of boot code BCALLs that deal with this. Sort by address on WikiTI and look at the 8000h+ ones.

The key is built into the boot code, to recover from certificate screw-ups when trying to receive a new OS.
Sounds good, I'll probably just some variation of the md5() function or both functions if I get paranoid Laughing
Just throw some salt into the password when you MD5() it or something. Razz
A good salt is "salt"



Signature Image Removed for Anti-Kermetic Imagery
@Kerm: I plan to.

I've had a function from the start that automatically made 4 char salt that is unique to each L{CMS} system Razz

Every time you install it, its a different one.
swivelgames wrote:
@Kerm: I plan to.

I've had a function from the start that automatically made 4 char salt that is unique to each L{CMS} system Razz

Every time you install it, its a different one.
Based on what? You might as well just cat /dev/rand or the PHP equivalent thereof. Oh, and why are you limiting yourself to only a 4-character salt? Have you made progress on this yet?
  
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.

» Go to Registration page
Crack the SG1 Hash!
» Goto page Previous  1, 2
» View previous topic :: View next topic  
Page 2 of 2
» All times are UTC - 5 Hours
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 

Advertisement