PHP Classes

why?

Recommend this page to a friend!

      Metalix Encryption  >  All threads  >  why?  >  (Un) Subscribe thread alerts  
Subject:why?
Summary:is this a notable package?
Messages:4
Author:Filip Oscadal
Date:2010-11-01 09:29:27
Update:2010-11-01 21:35:12
 

  1. why?   Reply   Report abuse  
Picture of Filip Oscadal Filip Oscadal - 2010-11-01 09:29:28
Simply - I don't get it. Why create such a class, when you simply need:

$hash = sha1($salt.$data);

or

$hash = hash('sha256', $salt.$data);

Hash test with 1024000 bytes (1000 KB) of random data, md4 always gets the first place, and md2 always get the last place :)

Results: (in microseconds)
1. md4 5307.912
2. md5 6890.058
3. crc32b 7298.946
4. crc32 7561.922
5. sha1 8886.098
6. tiger128,3 11054.992
7. haval192,3 11132.955
8. haval224,3 11160.135
9. tiger160,3 11162.996
10. haval160,3 11242.151
11. haval256,3 11327.981
12. tiger192,3 11630.058
13. haval128,3 11880.874
14. tiger192,4 14776.945
15. tiger128,4 14871.12
16. tiger160,4 14946.937
17. haval160,4 15661.954
18. haval192,4 15717.029
19. haval256,4 15759.944
20. adler32 15796.184
21. haval128,4 15887.022
22. haval224,4 16047.954
23. ripemd256 16245.126
24. haval160,5 17818.927
25. haval128,5 17887.115
26. haval224,5 18085.002
27. haval192,5 18135.07
28. haval256,5 18678.903
29. sha256 19020.08
30. ripemd128 20671.844
31. ripemd160 21853.923
32. ripemd320 22425.889
33. sha384 45102.119
34. sha512 45655.965
35. gost 57237.148
36. whirlpool 64682.96
37. snefru 80352.783
38. md2 705397.844

  2. Why indeed!?   Reply   Report abuse  
Picture of rudie dirkx rudie dirkx - 2010-11-01 20:48:14 - In reply to message 1 from Filip Oscadal
It's not notable. The only difference between this and md5() is the salt. Which isn't hard to add yourself in one line of code (as demonstrated).

Applying MD5 'several times' doesn't make the hash more secure. If you know the algorithm (you do) and the result is the same (this and md5's), it's as secure. Only difference is this one is much slower.

  3. Re: why?   Reply   Report abuse  
Picture of Alex Telford Alex Telford - 2010-11-01 21:28:17 - In reply to message 2 from rudie dirkx
Pretty much this is simply a scaled down version of my full encryption, the reason being is that brute force crackers can find your salt where you have accidently allowed users to view their input be changed to the md5,

this allows you to encrypt several times using an infinitely long string, with incrementing sections, differing from a single salt set.

in my full encryption set for example, I use this method with a couple of aditional features such as $this->about = create_page("about","php");
so within my document I can have <a href="<?PHP echo $page->about; ?>">link</a> and have it go to kj23429fkjG82b978GJ8.php or whatever.
this can also be used to create an infinite directory file tree of valid links without using .htaccess.

I will upload a complete version later perhaps, but in all this is an introduction to encryption for 3 reasons.
1. people new to php can read and understand the algorithym.
2. it can be easily modified to crash computers who use a scanner such as accunetix on your site (hackers)
3. hackers using directory traversal will find it hard.

and of course being non-standard there is no dictionary for it.

perhaps later I will upload classes more useful to advanced developers.
such as drupal like template switching for non database documents

  4. Re: why?   Reply   Report abuse  
Picture of Mike Gamble Mike Gamble - 2010-11-01 21:35:12 - In reply to message 2 from rudie dirkx
I agree. It doesn't make any sense to run MD5 multiple times. It's already one way encryption, which means there are an infinite number of strings that could result in the same hash. Simply using an unguessable salt string makes it as secure as anything else you could think of.