0

I'm looking for how to create a unique hash function, or to find one that is not prebuilt already, so there will not be a bank of it, AKA: http://www.md5decrypter.co.uk/

Any suggestions on how to make one?

Thanks in advance, Mor.

homerun
  • 5
    Maybe not an answer to your question but: **Don't**. You are going to fail anyways as this is really really hard and only works in an open peer reviewed process. – edorian Dec 22 '11 at 13:57
  • 1
    Use a decent hash algorithm, and __SALT__ – Mark Baker Dec 22 '11 at 13:58
  • 2
    Can you explain what you're trying to do? No hash function will be purely unique unless the output is the same size as the input, and even then care must be taken (it's not trivial). What's wrong with the standard [cryptographic hash functions](http://en.wikipedia.org/wiki/Cryptographic_hash_function)? – ircmaxell Dec 22 '11 at 13:58
  • 1
    I think he's not trying to design a new hash but rather to implement a currently unimplemented one. – Sirs Dec 22 '11 at 13:59
  • 2
    As @edorian said, use a well known one, which hasn't been broken so far, like [SHA-2](http://en.wikipedia.org/wiki/Sha-2). – vgru Dec 22 '11 at 13:59

3 Answers

1

Simple, don't bother and just salt your hashes: http://phpsec.org/articles/2005/password-hashing.html (and please don't use MD5, go for SHA1 or better for win).

James Butler
0

If you don't know where to start then you've got a long journey ahead of you before you'll be in a position to make something better than sha1 or even md5.

There are lots of ways to reduce the impact of data banks / rainbow tables - assuming that your data needs to be adequately secure to justify the effort. e.g. there's not much point in using a perfect hash (even if such a thing was possible) to protect passwords stored in a database nobody can access.

To make it harder for brute force attacks on a hash, use a salt and compress the salted data before hashing it.

symcbean
-1

If I were you I would take a play out of Drupal's handbook and check this out: What is Drupal's default password encryption method?

To protect yourself from those rainbow tables just make sure that you either salt your hashes or stack multiple encryptions, `md5(sha1($pass))`. I still don't think you should do that but anything is better than a simple `md5($pass)`.

JoshStrange
  • 2
    Don't stack multiple hashes unless you are very confident you know what you are doing. If you are not wary you will end up reducing the amount of keyspace (and therefore time) an attacker will need to brute-force your password. – James Butler Dec 22 '11 at 14:04
  • 2
    This is bad advice. There's actually been some research that says that what you suggest `md5(sha1($data))` can be [worse than either](http://crypto.stackexchange.com/questions/270/guarding-against-cryptanalytic-breakthroughs-combining-multiple-hash-functions). Instead, you should use a stretched function such as [PBKDF2](http://en.wikipedia.org/wiki/PBKDF2). Don't under any circumstances invent it yourself... – ircmaxell Dec 22 '11 at 14:21
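
The per-password salt and PBKDF2 stretching recommended in this thread, shown as an added example that is not code from any of the posters. The function names, the iteration count and the `algo$iterations$salt$hash` record format are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumptions: the iteration count and the "algo$iter$salt$hash" record format.
const PBKDF2_ALGO = 'sha256';
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware
const SALT_BYTES = 16;

function pbkdf2_hash_password(string $password): string
{
    $salt = random_bytes(SALT_BYTES); // fresh CSPRNG salt for every password
    $hash = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, PBKDF2_ITERATIONS, 0, true);
    return implode('$', [PBKDF2_ALGO, PBKDF2_ITERATIONS, bin2hex($salt), bin2hex($hash)]);
}

function pbkdf2_verify_password(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 4) {
        return false; // malformed record
    }
    [$algo, $iter, $saltHex, $hashHex] = $parts;
    $hexOk = fn(string $h): bool => $h !== '' && strlen($h) % 2 === 0 && ctype_xdigit($h);
    if (!in_array($algo, hash_hmac_algos(), true) || !ctype_digit($iter)
        || (int)$iter < 1 || !$hexOk($saltHex) || !$hexOk($hashHex)) {
        return false;
    }
    // Recompute with the stored salt and work factor, then compare in constant time.
    $expected = hex2bin($hashHex);
    $actual = hash_pbkdf2($algo, $password, hex2bin($saltHex), (int)$iter, strlen($expected), true);
    return hash_equals($expected, $actual);
}

// Constructed demo: two accounts choose the same password.
$pw = 'correct horse';
$a = pbkdf2_hash_password($pw);
$b = pbkdf2_hash_password($pw);
var_dump(md5($pw) === md5($pw));                  // unsalted digest is shared by every account
var_dump($a === $b);                              // salted records for the same password
var_dump(pbkdf2_verify_password($pw, $a));        // correct password against its record
var_dump(pbkdf2_verify_password('wrong pw', $a)); // wrong password against the same record
```

Because the salt and iteration count are stored with each record, the work factor can be raised later without invalidating existing records.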