Thread: looking for MD5 to string, and string to MD5 [ Resolved ]

  1. #14
    CodeBlock (Lively Member)
    Join Date: May 2005
    Location: The_Universe.Milky_Way. Solar_System.Inner_Ring. The_Earth.Asia. India.TN. Chennai. Home_Sweet_Home
    Posts: 85

    Re: looking for MD5 to string, and string to MD5 [RESOLVED]

    Quote Originally Posted by Trojan
    So what's the point in encrypting something you can't decrypt?
    When it comes to checking Passwords, it is not the issue of only encryption (though it is one part), but the necessity to use a Key. Using One-way-Only encryption methods like MD5 or SHA1 (I prefer MD5), you can secure your data. This way if your original password is "test123" your MD5 result might be:

    cc03e747a6afbbcbf8be7668acfebee5

    It's so impossible to get the source string that made it: "cc03e747a6afbbcbf8be7668acfebee5" by anybody (that's why it is called one-way encryption, which has no decryption)

    This raises a Question!

    So, how do you check for your password??

    Suppose you have this MD5 encrypted password stored in your database (it's better to store sensitive things in encrypted form). Ask the client to encrypt the password before sending over the Network. So the Server will check whether the stored "cc03e747a6afbbcbf8be7668acfebee5" and the incoming "cc03e747a6afbbcbf8be7668acfebee5" are the same. Since MD5 encryption is always the same in any OS, this will work.

    If your password is stored unencrypted (that is as "test123" itself. RAW) in your database, follow this method:

    The Server sends a key (any random generated string) to the client. The client then appends (or prepends or manipulates somehow) with the original password "test123" and then applies the encryption and sends it back. This way, the encryption is always different each time, even though the password is the same. In the meantime the server also does the same process of appending the key with the original password and keeps it ready with encryption for checking. An example might clear this more properly:

    Original password in Server Database: "test123"
    Server generates a random key: "hsozjr15sd86e"
    Server Sends it to -> Client
    Client receives "hsozjr15sd86e"
    Client prompts for the password from user.
    User Enters: "test123"
    Client joins the password and the key: "test123hsozjr15sd86e"
    The result is encrypted with MD5: "4a5f6722b66de40dffe0a3e2028bf6a6"
    Client Sends the encrypted pass&key to server "4a5f6722b66de40dffe0a3e2028bf6a6"
    Server does the same procedure (both have to match)
    Server appends the key with password(from database): "test123hsozjr15sd86e"
    Server makes MD5: "4a5f6722b66de40dffe0a3e2028bf6a6"
    Server checks with the client data: "4a5f6722b66de40dffe0a3e2028bf6a6"="4a5f6722b66de40dffe0a3e2028bf6a6"
    Server confirms, creates a Session and grants access!

    For MD5 Encryption:
    Download: vbCrypt.dll.zip [11.9 KB]

    Copy it somewhere safe (probably system32 folder). Add this DLL in Projects->References.

    VB Code:
        Private Sub Form_Load()
            Dim ObjCrypt As New vbCrypt.EncryptionTools
            MsgBox ObjCrypt.MD5HashString("test123")
            'Results: CC03E747A6AFBBCBF8BE7668ACFEBEE5
        End Sub

    Hmm, Woka has also used the same vbCrypt.zip .. hehe (Hi there Woka) I know that my files are just repetitions. But you know, you must always end a Thread with a nice POST like this "RESOLVED" :P

    HTH
    Neo
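
The key exchange walked through in the post above, as an added Python example that is not part of the original post or of vbCrypt. It shows both sides of the exchange and the two server-side checks the scheme depends on: each key is accepted once only, and the digests are compared in constant time. The names `Server`, `issue_key`, `verify` and `client_response`, the user "neo" and the sample store are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample store: the post's second case, password kept raw on the server.
USERS = {"neo": "test123"}


def md5_hex(text):
    """Lowercase hex MD5, the same digest the post's MD5HashString call shows."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


class Server:  # hypothetical name, not from the post
    def __init__(self, users):
        self.users = users
        self.pending = {}  # username -> key issued and not yet used

    def issue_key(self, username):
        key = secrets.token_hex(16)  # unpredictable, unlike a guessable counter
        self.pending[username] = key
        return key

    def verify(self, username, response):
        # pop() makes each key single-use, so a response seen earlier on the
        # network is rejected when it is sent again.
        key = self.pending.pop(username, None)
        password = self.users.get(username)
        if key is None or password is None:
            return False
        expected = md5_hex(password + key)
        # Case-insensitive (vbCrypt prints upper-case hex) and constant-time.
        return hmac.compare_digest(expected.encode(), response.lower().encode())


def client_response(password, key):
    return md5_hex(password + key)


def demo():
    server = Server(USERS)
    resp = client_response("test123", server.issue_key("neo"))
    accepted = server.verify("neo", resp.upper())
    resent = server.verify("neo", resp)            # key already consumed
    server.issue_key("neo")
    resent_new_key = server.verify("neo", resp)    # different key, different MD5
    wrong = server.verify("neo", client_response("test124", server.issue_key("neo")))
    return accepted, resent, resent_new_key, wrong
```

`demo()` returns one flag each for the correct login, the same response sent a second time, the same response sent against a fresh key, and a wrong password.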