Has anyone noticed this? If you don't provide a salt when using crypt() it says it uses a default salt which turns out to be $1, but the result's completely different to if you actually gave it the salt $1. 
nope never noticed that, might have something to do with I don't use crpyt 
If the salt argument is not provided, one will be randomly generated by PHP.
where do you get $1 ???Have you tried using md5()? Works a heap better.good idea but reemember md5 is hackable. crtpy is a better way.Originally posted by scoutt
good idea but reemember md5 is hackable. crtpy is a better way.
Thats not true, its an one way algorithm.
The trick is to append additional information to the encrypted that only you would know internally....
MD5 is also used to verify viruses.... virus companies not only have to verify that its actually a virus, its commonly refered to as Hashing. It a 16 byte shifted data. unlike RS4 its not symetric where the key encrypts and decrypts.
Its a well known published algorithm, and the most used to verify the integrity of data on transmission, or hashing to verify the file has not been tampered with...
<!-- m --><a class="postlink" href="http://setiathome.ssl.berkeley.edu/windows.html">http://setiathome.ssl.berkeley.edu/windows.html</a><!-- m -->
just above the Download link you will notice an MD5 hash, just use MD5 to hash the Download ed file if they do not match then its been tampered with.I thought so too, but read this
<!-- m --><a class="postlink" href="http://www.sitepoint.com/forums/showthread.php?t=140453">http://www.sitepoint.com/forums/showthread.php?t=140453</a><!-- m -->
and
<!-- m --><a class="postlink" href="http://slashdot.org/article.pl?sid=04/07/03/1728231Yeah">http://slashdot.org/article.pl?sid=04/07/03/1728231Yeah</a><!-- m -->, you can read its a dictionary hack. they are testing already solved passwords. that are not salted.....
Its common to do so...
This is called baking, its done with all key data. Where the salt is also encypted along side the other data.
Its bruteforce nothing more....
Post the MD5 from that seti@home to them and see if they can crach it. Its not possible as there are only 32 chacters when there are 700K of them in the original.. they could not possibly try all those without some massive distributed computing....I realize all that but most people don't use salt and that is the only reason I brought it up. and md5 is not a encryption but a hash so most people miss that as well.For the better of the news ... MD5 is hashed in a manner thats done 32 times for each byte to shift the data to a normalized 16 bytes ....
The shifting table lookups for a true decrypt would be massive, you would need 100TB of diskspace to hold the state of the hash each time. The length of time to decrypt the data is more than just an exponent of the length of the string, its also an exponent of the shifts required to make it....
something like so
t = (L(c^32)^E)
where E is the string length L is the cost of the function c is the character.... this is like an Log(N^N^(o*32)) function complexity....
I would hate to see the memory requirements for this....heh, the memory requirements... what about the NSA's 2 billion dollar computer?Originally posted by mettebe
heh, the memory requirements... what about the NSA's 2 billion dollar computer?
It still couldn't do it ... think of it this way. Verisign who issues keys, tried to break one of their own that was 256 bit. It took them 4 years, 16 computers all maxed on ram, not to mention the diskspace for the db servers to crack it.
It wouldn't crack a 700K original key on MD5 without 4 or 5 hundred more, and 25 years. Not bruteforce but crack!!!!
nope never noticed that, might have something to do with I don't use crpyt If the salt argument is not provided, one will be randomly generated by PHP.
where do you get $1 ???Have you tried using md5()? Works a heap better.good idea but reemember md5 is hackable. crtpy is a better way.Originally posted by scoutt
good idea but reemember md5 is hackable. crtpy is a better way.
Thats not true, its an one way algorithm.
The trick is to append additional information to the encrypted that only you would know internally....
MD5 is also used to verify viruses.... virus companies not only have to verify that its actually a virus, its commonly refered to as Hashing. It a 16 byte shifted data. unlike RS4 its not symetric where the key encrypts and decrypts.
Its a well known published algorithm, and the most used to verify the integrity of data on transmission, or hashing to verify the file has not been tampered with...
<!-- m --><a class="postlink" href="http://setiathome.ssl.berkeley.edu/windows.html">http://setiathome.ssl.berkeley.edu/windows.html</a><!-- m -->
just above the Download link you will notice an MD5 hash, just use MD5 to hash the Download ed file if they do not match then its been tampered with.I thought so too, but read this
<!-- m --><a class="postlink" href="http://www.sitepoint.com/forums/showthread.php?t=140453">http://www.sitepoint.com/forums/showthread.php?t=140453</a><!-- m -->
and
<!-- m --><a class="postlink" href="http://slashdot.org/article.pl?sid=04/07/03/1728231Yeah">http://slashdot.org/article.pl?sid=04/07/03/1728231Yeah</a><!-- m -->, you can read its a dictionary hack. they are testing already solved passwords. that are not salted.....
Its common to do so...
This is called baking, its done with all key data. Where the salt is also encypted along side the other data.
Its bruteforce nothing more....
Post the MD5 from that seti@home to them and see if they can crach it. Its not possible as there are only 32 chacters when there are 700K of them in the original.. they could not possibly try all those without some massive distributed computing....I realize all that but most people don't use salt and that is the only reason I brought it up. and md5 is not a encryption but a hash so most people miss that as well.For the better of the news ... MD5 is hashed in a manner thats done 32 times for each byte to shift the data to a normalized 16 bytes ....
The shifting table lookups for a true decrypt would be massive, you would need 100TB of diskspace to hold the state of the hash each time. The length of time to decrypt the data is more than just an exponent of the length of the string, its also an exponent of the shifts required to make it....
something like so
t = (L(c^32)^E)
where E is the string length L is the cost of the function c is the character.... this is like an Log(N^N^(o*32)) function complexity....
I would hate to see the memory requirements for this....heh, the memory requirements... what about the NSA's 2 billion dollar computer
?Originally posted by mettebe heh, the memory requirements... what about the NSA's 2 billion dollar computer
? It still couldn't do it ... think of it this way. Verisign who issues keys, tried to break one of their own that was 256 bit. It took them 4 years, 16 computers all maxed on ram, not to mention the diskspace for the db servers to crack it.
It wouldn't crack a 700K original key on MD5 without 4 or 5 hundred more, and 25 years. Not bruteforce but crack!!!!