Register • Search • FAQ • Memberlist • Usergroups • Log in md5 - sha1      Forum Index » Strawberry Support View previous topic View next topic md5 - sha1 Author Message sy_ Joined: 03 Aug 2006 Posts: 15 md5 - sha1 ok .... i was jus wondering why it seems like strawberry doesnt act right wen u use sha1 or even sha256 for encryptin instead of md5 ...... ??? any thing i might need to know ? Fri Aug 11, 2006 2:17 am Guest Please login to hide the ads. FI-DD Admin Joined: 22 Sep 2005 Posts: 2736 Location: Germany Make sure you replace all occurrences of md5 with sha1. What's sha1 good for? Fri Aug 11, 2006 11:29 am sy_ Joined: 03 Aug 2006 Posts: 15 ok .... i did that but i probly didnt replace every single md5 hash ...... but as for the question of what is sha1 good for ... well it's harder to decode a password in your login, mysql or anything that needs to be encrypted . an encoded password with md5 will hash the password with a string about this long: 771d8caa1867cb27703f957879089cc1 while sha1 will provide a string like this: 89b42a00b56e67ff56c65b6d453ec7d8383aa3f9 and even better is sha256 ( harder to implement and harder to break ) : b411b9fb88c3a32205a9bf14304ed8445967caae790650d1630157f0e6ed0e72 basically it makes it harder for a hacker to take you password and use it against you. which of course WOULD BE EVIL ! LOL .... but some useful sites for newbies or jus a reference would be at these links: shows how to use the hashes >> http://www.zymic.com/forum/lofiversion/index.php/t9088.html javascript implemetation of md5 and sha1 >>> http://pajhome.org.uk/crypt/index.html and one of my favorites that i have not done yet but will try, feyd's sha256 version >> http://forums.devnetwork.net/viewtopic.php?t=38810 Fri Aug 11, 2006 12:48 pm FI-DD Admin Joined: 22 Sep 2005 Posts: 2736 Location: Germany Quote: well it's harder to decode a password in your login, mysql or anything that needs to be encrypted . Well, CuteNews.RU/Strawberry md5-encrypts the md5-encrypted password. Code: <?php $pass = md5(md5($pass)); ?> So maybe that's more secure than a plain md5 encryption, similar to sha1? Fri Aug 11, 2006 7:42 pm sy_ Joined: 03 Aug 2006 Posts: 15 YEA I THINK IT IS MORE SECURE.... because from wut i know when you md5(md5($pass)) it makes it to where the hash is different then the first but why not add a salt to it ??? i think if you use md5 it would be better to salt it.... like so md5(md5($pass).$salt) or md5(md5($salt).md5($pass)) so that it generates a new random hash for person a and person b instead of one for both users............ then using the salt and pepper encryptor from this link >>> http://code.nathanbolender.com/PHP/salt_pepper/ adds even longer random hash and then i believe would make it stronger then sha1 alone. but md5 is well known and easier to break then sha1 and sha256 is just a beast so I think implementing md5 with a salt or going with sha1 or sha256 alone would be much better then the regular md5(md5($pass)); ... but that is my opinion..... i would just rather make it harder for a hacker then making it easier Sat Aug 12, 2006 5:00 am sy_ Joined: 03 Aug 2006 Posts: 15 and why is x added at the end of md5 ...........md5x ??? ......... does that throw off a hacker of what hash is being used ? Sat Aug 12, 2006 6:55 am FI-DD Admin Joined: 22 Sep 2005 Posts: 2736 Location: Germany sy_ wrote: and why is x added at the end of md5 ...........md5x ??? md5x() is just the name of the function which double md5-encrypts the password. There's no x added at the end of the file. Sat Aug 12, 2006 7:33 am sy_ Joined: 03 Aug 2006 Posts: 15 oooooooooohhhhhhhhh ok ...... i was a little confused at why it was there... so if i was to replace all md5 with sha1 ... woulda i have to replace it with sha1 also or leave as is ? Sat Aug 12, 2006 7:35 am FI-DD Admin Joined: 22 Sep 2005 Posts: 2736 Location: Germany I think, changing the function from this: Code: function md5x($str){    $str = md5(md5($str)); return $str; } to this: Code: function md5x($str){    $str = sha1($str); return $str; } should work. After that you have to reinstall the script. Sat Aug 12, 2006 7:38 am sy_ Joined: 03 Aug 2006 Posts: 15 ok thanks..... Sat Aug 12, 2006 7:41 am Display posts from previous:  All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year  Oldest FirstNewest First     Forum Index » Strawberry Support All times are GMT + 1 Hour Page 1 of 1   Jump to:  Select a forum CuteNews.RU----------------Announcements/DownloadScriptDemoFAQGeneral feedbackBugs and errorsHelpSuggestionsAdditional DownloadsSkins and snippets Strawberry----------------Strawberry DownloadsStrawberry SupportStrawberry FeedbackStrawberry Suggestions Other stuff----------------Site showcaseGeneral chat You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You cannot download files in this forum Powered by phpBB © 2001, 2005 phpBB Group Design by Freestyle XL / Music Lyrics.