MD5 and password store
Hi,
How to store a password in db, in registry, in ini encrypted with md5 with pb 4.60, can anyone give example?
Thanks
Karu
Re: MD5 and password store
Hi karu,
it is not possible to store a password with md5.
You can only store a fingerprint, which means you always have to compare 2 fingerprints and not the password directly.
You should not be able to reconstruct the original password out of the MD5Fingerprint.
First it fails.
Code:
#PrefFile = "c:\tmp\test.pref"
Password$ = "TopSecret"
MD5Password$ = MD5Fingerprint(@Password$, Len(Password$))
OpenPreferences(#PrefFile)
WritePreferenceString("Password", MD5Password$)
ClosePreferences()
Password$ = "Test"
;Password$ = "TopSecret"
MD5Password$ = MD5Fingerprint(@Password$, Len(Password$))
OpenPreferences(#PrefFile)
MD5Pref$ = ReadPreferenceString("Password", "")
If MD5Pref$ = MD5Password$
  Debug "Password Ok"
Else
  Debug "Password failed"
EndIf
ClosePreferences()
If you change the comments it is Ok.
Bernd
Re: MD5 and password store
Thanks, your solution is the same as what I used before, but there is a problem with this solution. I have a big application where, on different computers, users save other users' passwords, and the md5 fingerprint on different computers is NOT always the same; why, I don't know, that's why I asked. And if the fingerprint is not always the same, how do I compare it?
Instead of md5, today I use this solution, but I still want to use md5:
Code:
*Buffer = AllocateMemory(500)
If *Buffer
  PokeS(*Buffer, "password")
  ; SHA1Fingerprint() returns a string, so the result needs a string variable
  password$ = SHA1Fingerprint(*Buffer, MemorySize(*Buffer))
  FreeMemory(*Buffer)
EndIf
Re: MD5 and password store
Why do you want to use MD5? SHA1 is more secure and preferred by many. Though, I read many are using blowfish (bcrypt) since it is better at preventing hacks due to much slower algorithm.
Depending on your goals:
Store Passwords as a HASH(SHA1 or blowfish). Unable to recover original password.
Store Passwords encrypted with AES. Original password can be recovered if keys are shared.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: BCrypt
Has anyone had success using the Bcrypt.dll to encrypt and validate passwords?
Looking for some example code if anyone has.
Thanks for any help.
Re: MD5 and password store
skywalk wrote: Why do you want to use MD5? SHA1 is more secure and preferred by many.
Why do you want to use SHA1? SHA2 is more... wait. SHA3 was accepted 2015, and Fred's already added PB support


Re: MD5 and password store
@Keya - Think simple
MD5 is ok for this
@Infratec - This is not OK, this works wrong with unicode
MD5Password$ = MD5Fingerprint(@Password$, Len(Password$))
Code:
EnableExplicit
UseMD5Fingerprint()
#salt$="86349c23q03457t5&(%)=/?=/()/%$%§?(/§"
Define password$="Your Password"
Define resulted_string$=password$+#salt$
Define hash$=Fingerprint(@resulted_string$, StringByteLength(resulted_string$), #PB_Cipher_MD5)
Debug hash$
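
The Unicode problem raised in the post above, which may also explain fingerprints that differ between machines, as an added example that is not code from any post in this thread. It is a Python model that assumes an ASCII build stores one byte per character and a Unicode build stores UTF-16LE while Len() is still passed as the byte count. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the slow hash (bcrypt) mentioned earlier, and all function names and the iteration count are made up for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

def ascii_build_input(password: str) -> bytes:
    # ASCII build (assumed Latin-1 code page): Len() equals the byte count.
    return password.encode("latin-1")

def unicode_build_input(password: str) -> bytes:
    # Assumed Unicode build: UTF-16LE in memory, but Len() (characters) is
    # used as the byte count, so only the first half of the buffer is hashed.
    return password.encode("utf-16-le")[:len(password)]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

ITERATIONS = 200_000  # constructed work factor for this example

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    # Explicit UTF-8 encoding, random per-user salt, slow key derivation.
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the derived key with the stored one.
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    pw = "TopSecret"
    print("ASCII build  :", md5_hex(ascii_build_input(pw)))
    print("Unicode build:", md5_hex(unicode_build_input(pw)))
    # Same length and same first five characters give the same truncated input.
    print("Truncated eq :", unicode_build_input(pw) == unicode_build_input("TopSeXXXX"))
    record = hash_password(pw)
    print("Stored record:", record)
    print("Verify good  :", verify_password(pw, record))
    print("Verify bad   :", verify_password("Test", record))
```

The stored record carries the iteration count and salt next to the derived key, so every machine that reads it recomputes the same value regardless of how its own build represents strings.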
Re: MD5 and password store
walbus wrote: @Keya - Think simple
MD5 is ok for this
Ok i'll think simple: simply change "UseMD5Fingerprint()" to "UseSHA3Fingerprint()", and simply change "#PB_Cipher_MD5" to "#PB_Cipher_SHA3" ...

Re: MD5 and password store
@Keya - Think simple
The guy uses an older PB version without SHA3
And it looks like he will not use a newer one...
The chance of finding a collision with MD5 here, you can forget
Also you can not use tables for bruting the password
Try it, and post the collision, I think it's not so simple, and how do you want to do this, you don't have the salt?
Last edited by walbus on Sun Sep 25, 2016 10:37 am, edited 1 time in total.
Re: MD5 and password store
I don't know enough about them to say what's involved in "breaking MD5" as I'm not even a mathematician let alone a crypto person so I won't debate how easy or hard it is, but all I know is that using it is like saying F U to your customers' security/privacy, so in that sense to me it seems it's truly broken
btw if he has a PB older than SHA3 it'll probably still have SHA2
Last edited by Keya on Sun Sep 25, 2016 10:45 am, edited 1 time in total.
Re: MD5 and password store
Looking for what you want MD5 !
I think the guy does not want to encrypt 1e6 or more passwords
Also, a password is only a little string
At this time MD5 is still the most used hash for passwords around the world, I think...
Last edited by walbus on Sun Sep 25, 2016 10:48 am, edited 1 time in total.
Re: MD5 and password store
yeah but come on, if it's still the most common (I don't know) that's not because it's recommended as best ...
people just hate updating their systems lol, "if it's not broken don't fix it"... (but it kinda is!)

Re: MD5 and password store
@Keya
Older PB does not have SHA2, only MD5 and SHA1
And the reasons he will not use a newer one can be different
All hashes have collisions, MD5 here is not a problem
Look, the complexity of MD5 is 16 bytes, this is more than a lot for a little password with salt, also without salt
Think simple, you do not need a tank to protect you from rain

Re: MD5 and password store
MD5 is broken. Everyone should only use SHA-3.
Just read up on articles about password hashing. The only reason MD5 is still used a lot is because people are too lazy to update their code.
To resolve a plain MD5 you can just put it in google. Many common passwords can just be retrieved like that.
Watch this for some basic info about password hashing: https://www.youtube.com/watch?v=b4b8ktEV4Bg
Cracking MD5's: https://www.youtube.com/watch?v=7U-RbOKanYs
Re: MD5 and password store
Thorium wrote: MD5 is broken
For passwords, yes. For generic data integrity checking, not really.
Anyway, MD5 was once considered secure and state-of-the-art... just like people are saying now for SHA3. But in a year or two, SHA3 will also be broken and the Next Big Thing will be recommended.
It's a never-ending cycle.