1

I know this isn't a great title and I'm not expecting anyone to actually know the specifics.

I'm referring specifically to PHP's md5 function that changes the password to a 32bit string, I think...
Anyway, if I have a password such as 'typewriter' will the md5 function always encode it to the exact same string? If so, surely it is very easy to just work out what all the words are encoded to and find someone's password? If there's a function to encode a word, surely there could be a function to quickly decode it...

What is the safest way to encode a user's password? I read about using the salt method to append another string to the user's password, but surely if they can decode the password they can decode the salt too?

Thanks for your time, I look forward to your suggestions.

P.S. Not sure it's going to be easy to award a winner for this as it's a fairly open question.

Chris
  • [MD5](http://en.wikipedia.org/wiki/MD5) is actually a 128-bit hash which is represented as a 40-character string most of the time. That said, this is probably a duplicate of "[Secure hash and salt for PHP passwords](http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords)" – Jimmy Sawczuk May 05 '11 at 21:59
  • 40? I see 32 character strings for the most part. Not confused with SHA1? – Scuzzy May 05 '11 at 22:38

9 Answers

3

> Anyway, if I have a password such as 'typewriter' will the md5 function always encode it to the exact same string?

Yes

> If so, surely it is very easy to just work out what all the words are encoded to and find someone's password?

No. The point is that the hash is one-way. (Oversimplified example: 3x5=15. Knowing 15, what do you have to multiply by the second number to get that?) The danger is in rainbow tables, whereby people have worked out the result of hashing many different inputs so you can do a reverse lookup.

> What is the safest way to encode a user's password

Use a salt

> , I read about using the salt method to append another string to the user's password, but surely if they can decode the password they can decode the salt too?

Use different salts for each password.

Quentin
  • As `salt` wasn't really defined, a `salt` is a constant string (like `foobar`) which you always shove into a hash, like `md5($string . $salt)`. It stops rainbow table attacks, because if `md5($string . $salt) == md5($password . $salt)`, then you can safely assume `$string == $password`. – Blender May 05 '11 at 22:06
  • I always preferred something like `digest($salt . digest($password))` where digest is any hash algorithm (md5, sha1, etc) of your choice... some sites even incorporate things like username or user ID as part of the hash. Using something like sha-256 should adequately cover issues of reverse lookups (at least for now) – HorusKol May 06 '11 at 00:01
3

The md5 function isn't designed for password encryption -- it is a one-way hashing function that allows quick comparison between two (potentially large) strings.

It is computationally very expensive to crack a password through brute force methods, i.e., generating and hashing lots of passwords until you hit a match.

The md5 algorithm has been cracked -- it is easy to reverse without brute force methods.

The md5 function will produce the same hash every time for two strings that are the same. It may also produce the same hash for two strings that are different - read up on hashing collisions.

Finbarr
1

md5 passwords will create the same encrypted password every time.

Try using phpass for great security. It uses salts and other hashing algorithms such as blowfish.

Read more about phpass

Can also use blowfish on its own. Check php crypt.

csi
1

At a minimum, they will encode the same, so it is susceptible to a brute force attack, via "rainbow tables".

As you mention, you can add a salt to the hash, which will help.

You can encrypt them instead, but that has risks, too.

Stick with the hash.

Good luck.

Alain Collins
1

> Anyway, if I have a password such as 'typewriter' will the md5 function always encode it to the exact same string?

Yes

> If so, surely it is very easy to just work out what all the words are encoded to and find someone's password?

No, not without additional resources. There are rainbow tables, that is, tables mapping hash => password, which help here. With brute force they just compare the hash of the password with all the hashes in the table, and maybe there is a match that leads to a readable password.

> If there's a function to encode a word, surely there could be a function to quickly decode it...

MD5 is neither an encryption nor a codec. It is a hash function, which means that you cannot decrypt or decode it, because in theory there are infinitely many string candidates that result in the same hash. This is also the reason why you need rainbow tables and brute force to decrypt a hash.

> What is the safest way to encode a user's password? I read about using the salt method to append another string to the user's password, but surely if they can decode the password they can decode the salt too?

That's it.

```php
$hashed = md5($pass . "MySalt");
```

It is (with buyable hardware ;)) nearly impossible to decrypt this. If you have a super-dupa-important website, someone may create a special rainbow table just for your salt (if they get to know it). In this case you can use random salts that you save along with the password they salt.

KingCrunch
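The per-password random salt described in the answers above, as an added example that is not part of the original posts (PHP 7+; the word list, account names and `verify_salted` helper are constructed for illustration). It shows that a table precomputed for unsalted md5 finds nothing once each row has its own salt, and that the salt is stored in the clear because verification needs it.

```php
<?php
// Constructed sample data: a tiny word list and two accounts that happen
// to share the question's example password.
$wordlist = ['password', 'letmein', 'typewriter', 'qwerty'];
$accounts = ['alice' => 'typewriter', 'bob' => 'typewriter'];

// Precomputed lookup table (hash => word). It is built once and can be
// reused against every database that stores plain md5($password).
$table = [];
foreach ($wordlist as $word) {
    $table[md5($word)] = $word;
}

// Scheme 1: unsalted md5, as in the question.
$unsalted = array_map('md5', $accounts);

// Scheme 2: a fresh random salt per account, stored beside the hash.
$salted = [];
foreach ($accounts as $user => $password) {
    $salt = bin2hex(random_bytes(16));
    $salted[$user] = ['salt' => $salt, 'hash' => md5($salt . $password)];
}

// The salt is not a secret: it is read back from the row to check a login.
function verify_salted(array $row, string $candidate): bool
{
    return hash_equals($row['hash'], md5($row['salt'] . $candidate));
}

// Unsalted rows: do alice and bob share a hash, and is it in the table?
var_dump($unsalted['alice'] === $unsalted['bob']);
var_dump($table[$unsalted['alice']] ?? null);

// Salted rows: same two questions, then a correct and a wrong login.
var_dump($salted['alice']['hash'] === $salted['bob']['hash']);
var_dump(isset($table[$salted['alice']['hash']]));
var_dump(verify_salted($salted['alice'], 'typewriter'));
var_dump(verify_salted($salted['alice'], 'Typewriter'));

// Note: md5 stays fast, so a salt only removes the precomputation
// shortcut; it does not slow down guessing against a single row.
```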
1

A hash function will always have the same output for the same input.
You shouldn't worry about decoding hash functions such as md5 or sha1.
If you think that there is someone that could decode your hashed passwords, you can use a "salt" and/or combine hashes such as:

```php
$pass = "password";
$salt = "salt";
$encodedPass = sha1(md5($pass.$salt));
```

gion_13
1

http://codahale.com/how-to-safely-store-a-password/

Secure password storage is hard. Salting and using a stronger hash like SHA-1 get you some advantages over straight md5 hashing (rainbow tables make this easy), but it is still not a great solution. Use something like bcrypt for security and also never try and write your own crypto code.

Ben Hughes
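An added example of the bcrypt route recommended above, using PHP's built-in `password_hash` API (not code from the original answers; the `check_login` helper, the cost of 12 and the legacy-row format are assumptions). It verifies a login against either an old unsalted md5 digest or a bcrypt hash and returns a replacement hash when the row should be upgraded.

```php
<?php
// Assumed work factor; raise it until one hash takes a noticeable
// fraction of a second on the production server.
const BCRYPT_OPTIONS = ['cost' => 12];

// Hypothetical helper: $stored is the value of the password column.
// Returns whether the login succeeded and, if the row should be
// upgraded, the new hash to write back.
function check_login(string $stored, string $candidate): array
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy row: 32 hex characters, i.e. plain md5($password).
        $ok = hash_equals($stored, md5($candidate));
    } else {
        // bcrypt row: algorithm, cost and salt are parsed out of $stored.
        $ok = password_verify($candidate, $stored);
    }
    if (!$ok) {
        return ['ok' => false, 'replace_with' => null];
    }
    // True for legacy md5 rows and for bcrypt rows with an older cost.
    $upgrade = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    return [
        'ok' => true,
        // password_hash() draws a new random salt on every call.
        // bcrypt only uses the first 72 bytes of the password.
        'replace_with' => $upgrade
            ? password_hash($candidate, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
            : null,
    ];
}

// Constructed walk-through with the question's sample password.
$legacyRow = md5('typewriter');
$first     = check_login($legacyRow, 'typewriter');
$second    = check_login($first['replace_with'], 'typewriter');
$wrong     = check_login($first['replace_with'], 'Typewriter');

var_dump($first['ok'], $first['replace_with']);   // legacy row, upgraded
var_dump($second['ok'], $second['replace_with']); // bcrypt row, current
var_dump($wrong['ok']);                           // wrong password
```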
1

Hashing of passwords uses one-way functions that produce a deterministic result from any string, which is the whole point of hashing: rather than storing the value, you store some derived message and check if the hash of the user input matches the hash stored in the user repository.

The problem you suggest, that someone creates a dictionary containing all words and their hash values which enables reverse lookup of hashes, is certainly a problem which must be addressed, and is the reason why many login systems require you to choose non-word passwords.

The other factor of a good hashing function must be that even minor changes in the input (the password) cause major changes in the hash. This way adding a number or changing casing will produce drastically new outputs and the work of creating a dictionary will be much harder. An example using md5 hashing:

password: 5f4dcc3b5aa765d61d8327deb882cf99

passworD: a61f3f0aee2e87cf0571ca70afe289d2

But rest assured that a dictionary containing "test", "password", "mommy123" etc. already exists.

Besides md5 is not a very secure hash function, using SHA1 or SHA-256 might be better choices.

faester
1

Don't use MD5. Use SHA1 or SHA256 or something other than MD5, because MD5 isn't as secure. I don't know about the level of security of SHA1 (after all, they did make an SHA256), but I do know about the "security" of MD5 and that is that it's been found wanting.

Ed Marty