SECURITY WARNING !!!!!

7/13/2010 11:37:37 PM
PHPRunner General questions
romaldus author

For those who use this method to encrypt any field:

$values["YourField"] = md5($values["YourField"]);


I've tested to decrypt at http://md5.web-max.ca/ and successfully decrypted in milliseconds.
The original text is blizzard.
If you have other, stronger methods to encrypt fields, please share your experience....

ann 7/14/2010

Hi,
You've easily decrypted the word since there is a correspondence table between words and hashes in the decryption algorithm.

To avoid this we recommend using a sequence of letters and numbers as the password.

We plan to add a salt for the passwords before hashing them in the next version.

More information is here:

http://en.wikipedia.org/wiki/Salt_(cryptography)

romaldus author 7/14/2010





Thanks ann... as you advised, I use a sequence of letters and numbers as the field value. The decryptor failed to decrypt the code. Thanks!

Sergey Kornilov admin 7/14/2010

These 'decryptors' use previously calculated md5 databases. This means applying md5 encoding to a dictionary word is not safe.
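
The precomputed-table lookup and the salting discussed in this thread, as an added example that is not part of the original posts or of PHPRunner's code. The word list, the `lookup_md5()` helper and the use of `password_hash()` are assumptions chosen for illustration (PHP 7.1 or later).

```php
<?php
// Constructed sample: a tiny precomputed table of the kind a lookup site holds.
// The word list is made up for this example.
$dictionary = ['password', 'dragon', 'blizzard', 'letmein'];
$lookup = [];
foreach ($dictionary as $word) {
    $lookup[md5($word)] = $word;   // hash => original word
}

// Hypothetical helper: "reverses" a hash only if it was precomputed.
// Nothing is decrypted; md5 is a one-way hash and this is a table lookup.
function lookup_md5(array $table, string $hash): ?string
{
    return $table[$hash] ?? null;
}

// 1. Unsalted md5 of a dictionary word: the table returns the word at once.
$stored = md5('blizzard');
var_dump(lookup_md5($lookup, $stored));

// 2. Same word with a random per-record salt: the table was built without
//    this salt, so the lookup misses. The salt is stored next to the hash.
//    md5 stays fast to compute, so this only defeats precomputed tables.
$salt   = bin2hex(random_bytes(16));
$salted = md5($salt . 'blizzard');
var_dump(lookup_md5($lookup, $salted));

// 3. For passwords, password_hash() generates the salt itself and uses a
//    deliberately slow algorithm; password_verify() checks a login attempt.
$hash = password_hash('blizzard', PASSWORD_DEFAULT);
var_dump(password_verify('blizzard', $hash));    // correct password
var_dump(password_verify('blizzard1', $hash));   // wrong password
var_dump(lookup_md5($lookup, $hash));            // not in any md5 table
```

A random-looking field value, as suggested earlier in the thread, only keeps the value out of existing tables; a per-record salt gives that protection to every value, including dictionary words.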