[PHP]-[Encrypting]-Sha1



#1 liveman

Posted 04 November 2005 - 10:06 PM

Hello, Ok, well, this tutorial will teach you how to encrypt data in Sha1 using a function called Sha1() ... wonder where they got the name ;). Ok, well, let's begin.

First off, sha1 turns any words, no matter how long, into a 32 character key. Ok, so you would set a basic sha1 statement like this:
<?PHP
   $encrypt = 'secure';
   $action = sha1($encrypt);
?>
That code will turn the variable encrypt into a 32 char key. Ok, well, let's get a little trickier, using this in an SQL query.
<?PHP
   // .... code above this cut 
	 $password = $_POST['password'];
	 $encrypt = sha1($password);
	 $query = mysql_query("INSERT INTO `db` VALUES ('$encrypt');
  // Remember that the query will change, and so may the variables
 ?>
Ok, well, after you set that in, great... now how do you get the info out? Well, um... Idk ;)
Haha, ok, well, the script to gain information is obvious, but yet some might look past it because of that:
<?PHP
   $password = $_POST['password'];
   $encrypt = sha1($password);
   $query = mysql_query("SELECT * FROM `db` WHERE `password` = '$encrypt'");
?>
Yup, that's it... basically that's all there really is to know about sha1(); it's a great encrypter and not widely used so it's harder to crack. However, if you are stubborn and want to use md5, substitute the sha1() function for the md5() function, that's all there is to it :unsure:.
Ok well if anyone was able to follow that, I hope you learned something...this was my first tutorial so I hope you can gain some knowledge off of it.

Edited by liveman, 24 December 2005 - 03:00 PM.


#2 Ruben K

Posted 05 November 2005 - 04:27 AM

For more information on US Secure Hash Algorithm 1: http://www.faqs.org/rfcs/rfc3174

#3 liveman

Posted 05 November 2005 - 07:16 PM

I couldn't find where that was, I was going to go in detail with it... too late :(

#4 remaker

Posted 14 December 2005 - 04:17 PM

It is not really ok to say encryption using sha1, or md5... because these are one-way encryption or hashing.
You cannot encrypt and then decrypt using this :D

#5 Stu

Posted 17 December 2005 - 03:22 AM

Shouldn't this:

<?PHP
  // .... code above this cut 
	$password = $_POST['password'];
	$encrypt = sha1($password);
	$query = mysql_query("INSERT INTO `db` VALUES ('$password');
 // Remember that the query will change, and so may the variables
?>

be:

<?PHP
  // .... code above this cut 
	$password = $_POST['password'];
	$encrypt = sha1($password);
	$query = mysql_query("INSERT INTO `db` VALUES ('$encrypt');
 // Remember that the query will change, and so may the variables
?>


#6 Programmerguy150

Posted 17 December 2005 - 03:31 AM

That golly-gee might help! I want MY un-protected passwords entered:D!

#7 meadow

Posted 19 December 2005 - 12:52 PM

Thanks for sharing that tutorial, it's surprising how many functions there are available in php.

#8 Programmerguy150

Posted 19 December 2005 - 10:41 PM

I believe over 10000 w/o modules that are made by other companies (ie, pear, zend framework)

Edited by Programmerguy150, 19 December 2005 - 10:42 PM.


#9 Indigo

Posted 20 December 2005 - 01:38 AM

What's best to use - Sha1 or MD5?

#10 rc69

Posted 20 December 2005 - 03:12 PM

it's a great encrypter and not widely used so it's harder to crack

It's actually not widely used for a good reason, not because it's harder to crack (because it's easier). Read the articles below for more info on sha1 and md5.

http://www.schneier....analysis_o.html
http://it.slashdot.o...&tid=93&tid=228

Edited by rc69, 20 December 2005 - 03:13 PM.


#11 liveman

Posted 24 December 2005 - 02:58 PM

Even if it is easier, there are still many more people who just believe that most websites are encrypted in md5, which isn't true... but is there a way to tell them apart?? It all looks like crap to me :)

#12 rc69

Posted 25 December 2005 - 02:03 AM

The length of the encrypted string. md5() returns a shorter string than sha1(), and if I'm right, the length of the strings they return is always the same... but that's just a guess.

#13 Ruben K

Posted 25 December 2005 - 04:16 AM

The length of the encrypted string. md5() returns a shorter string than sha1(), and if I'm right, the length of the strings they return is always the same... but that's just a guess.

The length for all md5/sha1 hashes is the same, it's even so that 2 completely different sentences or pieces of text may have the same hash!

#14 CyrusWu

Posted 16 June 2007 - 09:17 AM

YAY! Encryptions.

Bring some more encryptions please on here.

Now, to add to my collection md5 and sha1.

#15 α∂αмяoss

Posted 16 June 2007 - 12:08 PM

Good tutorial but is it actually safe to use?

#16 NGPixel

Posted 19 June 2007 - 11:18 PM

Well, I suggest using MD5 and not SHA1. Also, you should never check passwords directly in the MySQL query. You should first load the member data using the member id then validate the password against it in PHP, not MySQL. It's safer this way (just like you should never validate both username and password at the same time either, huge risk there).

#17 rc69

Posted 23 June 2007 - 01:39 PM

Ok, well, I just have two problems left.
$password = $_POST['password'];
$encrypt = sha1($password);
You should never store an unencrypted password. Apart from the several various other reasons I'm saying this, those 2 lines should be more like this one line:
$password = sha1($_POST['password']);
And then there's a slight parse error:
$query = mysql_query("INSERT INTO `db` VALUES ('$encrypt');
You're missing a ") before the semi-colon.

Good tutorial but is it actually safe to use?

Safer than base64_encode() ;)

#18 Hayden

Posted 30 June 2007 - 12:43 AM

rc69: what about something like?

$seed = "zPJ5";
$password = $_POST["password"];
$encrypt = md5(sha1($password).$seed);

or is that overkill?

Edited by SpatialVisionary, 30 June 2007 - 12:44 AM.


#19 rc69

Posted 02 July 2007 - 05:51 PM

I've never been a fan of "seeds." I don't really see a point in one. They basically have to be static in order to function correctly (different per user, but still static), in which case, a hacker gets the seed automatically appended to his "guess."

But I don't know much about hacking. I do know sha1 is susceptible to brute-force attacks, but md5 isn't. So I guess that would be one way of doing it. Another would be to append the sha1 encryption to the md5 one.
md5($pass).sha1($pass)
Yes, it would result in a long encryption. But I dare somebody to find 2 strings that create the same output with that :)

#20 nitr0x

Posted 04 August 2007 - 04:33 PM

I always find a safe way to do this is:

md5(md5(sha1(md5($pass))));

It starts inwards to outwards, so md5 the password, sha1 that hash, md5 that hash, then md5 it again.
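
An added example, not part of any post in this thread: one way to do what post #16 describes (load the row first, then check the password in PHP) while moving the tutorial's bare sha1() column to PHP's password_hash(), which generates a random per-password salt. It uses the length difference from posts #12 and #13 to recognise old rows. The `members` table, its columns and the sample account are constructed, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not code from the thread. Table, columns and account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass TEXT)');

// One legacy row stored the way the tutorial does it: a bare sha1() digest.
$ins = $db->prepare('INSERT INTO members (name, pass) VALUES (?, ?)');
$ins->execute(['alice', sha1('correct horse')]);

// Legacy digests differ in length: md5 is 32 hex characters, sha1 is 40.
function legacy_algo(string $stored): ?string
{
    if (!ctype_xdigit($stored)) {
        return null;
    }
    $byLength = [32 => 'md5', 40 => 'sha1'];
    return $byLength[strlen($stored)] ?? null;
}

function login(PDO $db, string $name, string $password): bool
{
    // Load the row by name only; the password is compared in PHP, not in SQL.
    $sel = $db->prepare('SELECT id, pass FROM members WHERE name = ?');
    $sel->execute([$name]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $algo = legacy_algo($row['pass']);
    $ok = $algo !== null
        ? hash_equals($row['pass'], hash($algo, $password)) // constant-time compare
        : password_verify($password, $row['pass']);
    if ($ok && ($algo !== null || password_needs_rehash($row['pass'], PASSWORD_DEFAULT))) {
        // Swap the unsalted digest for a salted, slow hash after a good login.
        $upd = $db->prepare('UPDATE members SET pass = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return $ok;
}

var_dump(login($db, 'alice', 'wrong'));         // wrong password against the sha1 row
var_dump(login($db, 'alice', 'correct horse')); // legacy match, row gets rehashed
var_dump(login($db, 'alice', 'correct horse')); // checked by password_verify()
var_dump(legacy_algo($db->query('SELECT pass FROM members')->fetchColumn())); // stored value after upgrade
```

A row whose owner never logs in again keeps its unsalted digest, so finishing the migration needs a forced reset or expiry for those accounts.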



