forum.vdsworld.com

jules · Posted: Mon Sep 01, 2003 12:55 pm Post subject:

Right. I haven't tested this idea, but if you want an alphanumeric key of any length that's easier to remember, just MD5 the key to convert it to a 32-byte hex value, use @substr() to grab a few digits from the result and then a $ in front to make a valid number for @encrypt().

FreezingFire · **Admin Team** Joined: 23 Jun 2002 Posts: 3508

But isn't it bad that it only accepts numbers as a key? Anyone can
just write a script and go through numbers and find the decrypted
string. Shocked

Unless of course you encrypt it multiple times and then they don't
know how many times you've encrypted it, which makes it harder
to decrypt if you don't know.

FreezingFire · **Admin Team** Joined: 23 Jun 2002 Posts: 3508

Serge · Posted: Mon Sep 01, 2003 3:22 pm Post subject:

good idea jules...

good point ff and good idea on your solution...you could also encrypt it several times using a different key each time...perhaps a key based on the md5 generated one as jules explained...the possibilities are endless

serge

CodeScript · Posted: Mon Sep 01, 2003 5:11 pm Post subject:

One more Idea as I said after encrpting write a character or or two at a postion of your choice and I don't think it is easy to decrypt it then because the encryption becomes a custom one.
EDIT: Use of non keyboard/ascii characters make it even stronger.

CodeScript · Posted: Mon Sep 01, 2003 5:15 pm Post subject:

FreezingFire · **Admin Team** Joined: 23 Jun 2002 Posts: 3508

jules · Posted: Mon Sep 01, 2003 6:42 pm Post subject:

Skit3000 · Posted: Mon Sep 01, 2003 6:47 pm Post subject:

Every encryption can be cracked in theory, but you could make it much more difficult by designing your own methods... Smile

vdsalchemist · Posted: Tue Sep 02, 2003 9:31 pm Post subject:

CodeScript · Posted: Fri Sep 05, 2003 2:37 pm Post subject:

GeoTrail · Posted: Wed Dec 31, 2003 12:09 pm Post subject:

jules, thanks alot for the tip about MD5.
But I am having problems decrypting a MD5 encryption.

Here is what I tested:

CodeScript · Posted: Wed Dec 31, 2003 3:23 pm Post subject:

I remember to have had the same problem

FreezingFire · **Admin Team** Joined: 23 Jun 2002 Posts: 3508

MD5 can't be decrypted. It's a one-way hash of a string. It's excellent for
storing passwords because the MD5 hashes can be stored unencrypted.
The only way to crack a password with this would be to go through every
possible combination in the world, which could take thousands of years.

The way to use it is to have a user enter a password, take the MD5 hash
of it, and store it. When the user enters their password again, the program
takes the hash of the password just entered and compares it to the original
hash stored.

It's very effective and as a matter of fact this forum system uses MD5,
non-decryptable hashes, so any attempt to compromise the database for
passwords would yield nothing.

CodeScript · Posted: Wed Dec 31, 2003 5:00 pm Post subject:

Hi FF I was about to post the same thing. I even had serious doubts if MD5 is reversible (practically). Thanks for the INFO