16 replies to this topic

[dEcade]

Hi, well I was bored so I decided to work in a new script for hashing I called it "The Hash Project". It involves a database and two PHP functions. One function is just to insert data into the database and the other is to hash it. What makes it good is that when the first function for the database is ran it creates 63 random character strings each string has 15 characters in it. To save database space it will just insert it into one row and separate each string with a comma. Each string is random which will make it really hard to crack.

Once that is done you only have 1 function you have to deal with, this one will run a loop and in the loop it will do md5, base64_encode, md5. Then it will have an array to make each letter, number and other symbol have the text that was set in the database. Then after that it will do another md5, base64_encode, md5. The final md5 is basically to clean it up.

If you find it hard to follow here is how the second function works.

- Run hash function.
- Hash function gets database string. (###############,############### etc)
- Divides database string into 63 strings. (Separated by comma)
- Runs loop - x amount of times. (You can change the number if you wish)
- Runs md5 hash, base64_encode, md5 hash.
- Replaces each letter with the information from the database.
- Runs final md5 hash, base64_encode, md5 hash.
- Returns the string.

I hope to finish the testing today and see how it works. Then I will post the script 1.0.0 download.

Once the script is released, if you would like to change the script format to something else it probably won't be to hard if you know the script. If you do so please PM me and I will add it to the site I am making for it. (You will get credit for that version) Also please make sure it works before sending it to me.

dEcade

[cheerio]

It sounds very fancy and cool. I don't really understand much about hashing / encryption so I hope it's commented

[dEcade]

thanks, I hope to get a little demo up soon.

dEcade

[Rory]

wow this sounds good. Can't wait to see the finished product!

[dEcade]

It shouldn't take me too long to finish because it is actually a very small script. I think I am going to start a test some time tonight.

dEcade

[Hoot]

cheerio, on Sep 9 2006, 10:08 AM, said:

I don't really understand much about hashing / encryption so I hope it's commented

Basicly the script he is writing will make it VERY hard to decrypt. That is why it has so many steps.

Hoot

[dEcade]

cheerio, on Sep 9 2006, 10:08 AM, said:

It sounds very fancy and cool. I don't really understand much about hashing / encryption so I hope it's commented

Here just check these out they should help:

Hash - http://en.wikipedia....i/Hash_function
encrypt - http://en.wikipedia.org/wiki/Encrypt

dEcade

[Tirus]

well, all ive ever been using is md5, and not for something thats top secret anyhow, so just seeing this would be cool.

[dEcade]

Well I never really got around to finishing the install page and running it to test it out because I got caught up in other thing, but I hope to do that tomorrow.

dEcade

[Illinifan91]

sounds vey complicated what could possibly need this level of encryption lol.

[dEcade]

Well I deleted my other post, anyway.

The script is done; make sure you read the README before installing it or anything.

Here is the download link:

http://www.decadecreations.com/downloads/T...oject%201.0.zip

I added that warning in the README so that I couldn't be held responsible for anything

dEcade

Edited by dEcade, 14 September 2006 - 07:41 PM.

[Illinifan91]

its cool sitll dont understand the need lol.

[Hoot]

Probably for coder making CMS's or forums trying to make it super secure

Hoot

[NGPixel]

hash keys are needed mostly in forums and CMS to keep someone logged in using cookies. Since keeping the actual password in cookies is a huge security risk, we give the user a long key which is used like a password. If you check your cookies on P2L, you can see that we use something called pass_hash which is used across the site (both the main site and the forums).

And btw, for those who thinks the MD5 string is actually your password but encrypted, you're wrong. It's just a math equivalent. You cannot retrieve a password from a MD5 string but only check if it corresponds to what you entered.

[ChrisGilmore]

It's cool - Well done .

I may use it some time for a CMS I'm coding.

[α∂αмяoss]

That's pretty cool.

[dEcade]

NGPixel, on Sep 16 2006, 09:13 AM, said:

And btw, for those who thinks the MD5 string is actually your password but encrypted, you're wrong. It's just a math equivalent. You cannot retrieve a password from a MD5 string but only check if it corresponds to what you entered.

Yea it is just all math that does that but in a way it is your password because the code is not random, the word will have the same number every time. Now if you figured out how they did the math then you might be able to crack it

EDIT

I am also thinking of writing a simpler script that doesn't involve a database just some math. But if you used that I'd recommend changing some stuff to make it harder to crack

EDIT 2

After a little searching I found that md5 isn't that good of a hash it can be cracked quite easily. If you look around a bit you can even find the source code for many of the hash scripts. I found a hash thing that from the sounds of it is better which is sha1(); So I am going to use that for the final hash thing.

So I will be releasing The Hash Project V 1.0.1

I have also been looking at the different hashes seeing how they were coded and I will try making a new hash script that doesn't involve a database.

dEcade

Edited by dEcade, 16 September 2006 - 11:33 PM.