$myStr = $_GET['myStr'];
if ($myStr == md5($myStr)) echo "ok\n";
I know there is a type jugglying in the code, but in my tests I couldn't find an input that satisfies the condition.
Asked
Active
Viewed 54 times
-3
-
This the very basic thing you just need to do some research – Pankaj Makwana Oct 13 '17 at 14:03
-
md5, security and cryptography in the same list of tags is somewhat dangerous.... These days md5 should never be used for anything to do with security – Mark Baker Oct 13 '17 at 14:04
-
Don't understand what you want. You forget a ")" after ther "md5($myStr)" – Dessauges Antoine Oct 13 '17 at 14:05
-
Fixed the code! – Jose Felix Gavinho Neto Oct 13 '17 at 14:10
-
Duplicate: https://stackoverflow.com/questions/235785/is-there-an-md5-fixed-point-where-md5x-x – Progrock Oct 13 '17 at 15:07
-
1Possible duplicate of [Is there an MD5 Fixed Point where md5(x) == x?](https://stackoverflow.com/questions/235785/is-there-an-md5-fixed-point-where-md5x-x) – Brian J Oct 13 '17 at 15:57
2 Answers
1
No, you cannot find that myStr value as it would come down to finding a (first degree) pre-image for MD5. Although MD5 has been broken for collision resistance, you should not be able to find a pre-image. More information here.
I'm presuming there that your code amounts to finding y = md5(y). y = md5(x) is a more general assumption and it is described in the Wikipedia article linked to above that it is impossible to find such H(x), even for MD5.
That doesn't mean that you should use MD5. Please use SHA-256, SHA-512 or indeed one of the SHA-3 functions. Even if MD5 hasn't been broken that far, it has been broken enough not to be used anymore; "Attacks always get better; they never get worse."
Maarten Bodewes
- 90,524
- 13
- 150
- 263
0
Let's start from the beginning. I will provide an example so i may help you maybe understand better.
In the first line you have $myStr = $_GET['myStr'];
I will just assume you will get this variable from your url like this :
http://localhost/md5Project.php?myStr=test
This will give your variable $myStr the value "test".
Moving forward in your if statement you have:
if ($myStr == md5($myStr)
this will never be true because $myStr value is "test" and md5($myStr) value is 098f6bcd4621d373cade4e832627b4f6 so basically you compare 2 strings with values "test" and "098f6bcd4621d373cade4e832627b4f6problem" which will always lead to false.
pr1nc3
- 8,108
- 3
- 23
- 36
-
Never be true? https://stackoverflow.com/questions/235785/is-there-an-md5-fixed-point-where-md5x-x – Progrock Oct 13 '17 at 15:10
-
@Progrock Yes **never** because among other things "test" is 4 bytes and MD5 output is 16 bytes: the two are different lengths so will never be equal. – zaph Oct 13 '17 at 15:43
-
-
No matter what the input is i explained in my answer why they will never match. – pr1nc3 Oct 13 '17 at 21:50
-