Cronwerks MCCode/MCCodes Forums

This forum is now closed and has moved to a new location! Click here to find out why.

Poll

What type of encryption

MD5
SHA1
SHA1 encrypted with username
Other, I've posted it in the topic

Author / Topic: Password Security (Read 2414 times)

Danny696

Password Security
« on: December 18, 2009, 05:21:19 PM »
Well, as most of you will know, MD5 just isn't secure enough nowadays. I'm thinking we should SHA1 it, maybe even add a salt, like SMF does with their username. What do you think?
Project Choosen - 10%
Daniel - Hanson . Com

Danny696

Re: Password Security
« Reply #1 on: December 18, 2009, 05:22:28 PM »
Poll added.

Zeddicus

Re: Password Security
« Reply #2 on: December 18, 2009, 06:09:13 PM »
I use "sha512" with a salt, sha1() will soon be just as bad as md5.

JoshuaDams

Re: Password Security
« Reply #3 on: February 07, 2010, 05:03:56 AM »
sha512 with salt was my suggestion (:

Spudinski

Re: Password Security
« Reply #4 on: February 07, 2010, 05:20:38 AM »
It really doesn't matter what encryption I use, I just like to focus on my actual website and database security.
If I make my website fort knox, how are they going to be able to see any password anyways?

But I prefer to salt my hashes as well, but using something a little different, the average oak would never think about.
I use timestamps as salts, and just make an insert to the database with the password, and update the time stamp as well - this is just so brute-force attacks will take a lot longer.

But these days, even I sit with the power of knowing about 2.5mil hashes in their "decrypted" form - so nothing is really going to help you regarding encrypting the passwords, rather secure your website.
If you see a post that just doesn't just seem right, send me a PM.
Offering services for small-type games and websites, send me a PM if you want/need something done.
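
The salting trade-offs raised in the post above, as an added example that is not part of the original thread or of MCCodes: it stores one constructed password for three constructed accounts under four schemes, then counts how many stored values a precomputed table matches and how many accounts share a stored value. The accounts, wordlist and scheme labels are assumptions; `password_hash()` and `password_verify()` are PHP's built-in password API (PHP 5.5+), and the arrow functions need PHP 7.4+.

```php
<?php
// Constructed accounts: [name, signup time (Unix seconds), password].
$accounts = [
    ['alice', 1265520038, 'letmein'],
    ['bob',   1265520038, 'letmein'],   // signed up in the same second as alice
    ['carol', 1265523600, 'letmein'],
];

// Precomputed unsalted hashes of a constructed wordlist (a "comparison" table).
$words = ['123456', 'password', 'letmein'];
$table = array_fill_keys(array_map(fn($w) => hash('sha512', $w), $words), true);

// Each scheme returns the string that would be stored for one account.
$schemes = [
    'unsalted sha512' => fn($a) => hash('sha512', $a[2]),
    'timestamp salt'  => fn($a) => hash('sha512', $a[1] . $a[2]),
    'random salt'     => function ($a) {
        $salt = bin2hex(random_bytes(16));        // unique per row, stored beside the hash
        return $salt . ':' . hash('sha512', $salt . $a[2]);
    },
    'password_hash()' => fn($a) => password_hash($a[2], PASSWORD_DEFAULT),
];

// Number of accounts whose stored value is identical to another account's.
function shared_rows(array $stored): int {
    $shared = 0;
    foreach (array_count_values($stored) as $n) {
        if ($n > 1) {
            $shared += $n;
        }
    }
    return $shared;
}

foreach ($schemes as $name => $store) {
    $stored = array_map($store, $accounts);
    $hits   = count(array_filter($stored, fn($s) => isset($table[$s])));
    printf("%-16s table hits: %d  shared rows: %d\n", $name, $hits, shared_rows($stored));
}

// Verification with the built-in API: salt and cost are carried inside the hash string.
$hash = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $hash), password_verify('wrong', $hash));
```

A salt only stops table lookups and shared rows; it does not slow down guessing against a single row, which is what the work factor in `password_hash()` addresses.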

Danny696

Re: Password Security
« Reply #5 on: February 07, 2010, 06:09:01 AM »
I'm thinking about whirlpool, not been decrypted yet

Zeddicus

Re: Password Security
« Reply #6 on: February 07, 2010, 06:49:45 AM »
Quote
sha512 with salt was my suggestion (:

Look when I posted lol, you posted your 'encryption' technique 10 days *after* I said that.

I only posted mine without salt as it's not needed atm. (You know where.).

JoshuaDams

Re: Password Security
« Reply #7 on: February 07, 2010, 01:31:19 PM »
LOL this is the first time I've actually even bothered to browse through this section of the boards >,<

You posted your sha bit somewhere?

Spudinski

Re: Password Security
« Reply #8 on: February 07, 2010, 01:39:48 PM »
@danny - well, whirlpool is just another encryption, I'd suggest you don't use it, it's basically just a longer string than sha and md so it just uses more database space.

Also, the term and actually also the word decrypt doesn't exist, it's just a term that people use nowadays. All they do is compare the hash.

CrimGame.com

Re: Password Security
« Reply #9 on: February 10, 2010, 02:42:50 AM »
whirlpool is just longer... You are an expert?


This was tested with 1024000 bytes (1000 KB) of random data

Results: (in microseconds)
whirlpool - 64682.96
md5 - 6890.058
sha1 - 8886.098
sha384 - 45102.119
sha512 - 45655.965
Source php.net

It may be longer but the fact of it using

Whirlpool: 3bff3f475277fd87357cd4d2fc97a134af5efe570910d21f
1185e391f78f7d4b7c33a0a289efe1632b2026d77074ff50
7691c24c9782c5cce654dd01ea446a15

MD5: e6bdf8faab4a42ab37e3e833641dfe90

SHA1: abe7076758e0937c13743d26f9323897b57cb4dc

SHA384: bb7b69c28c09d42212ec83ed40e2b3454233c72fd2c268c2
fbcce477312d65e4fb36382235bc3febadde73660ffbeb4a

SHA512: a5179ffb67450eb83f8cdd915ee8c3037bb4d87f7e677311
819d5fb3dafaf54ac4c55405c7997adad8df3d6615964dda
5aa67acf27ea4c62e1d40f049b531d81

Different hashes ain't "just longer strings", Whirlpool is one hash I've always wanted to explore and considering you say it will use more space then I wouldn't want to be on your hosting.

Maybe do a little research into encryptions/hashes and you'll work out they ain't "just longer strings".
« Last Edit: February 10, 2010, 02:45:05 AM by zero-affect »

Spudinski

Re: Password Security
« Reply #10 on: February 11, 2010, 08:07:14 AM »
Thanks for pointing out they use different encryption methods, eh?
Still, it doesn't matter what you encrypt "CrimGame.com " with, it can still be revealed by comparison.

CrimGame.com

Re: Password Security
« Reply #11 on: February 11, 2010, 11:15:43 PM »
find me 5 whirlpool comparison websites... think not
I could find 5 md5 comparison websites within seconds...

Whirlpool looks bigger so people will avoid it, it is bigger but shown in my previous post it loads data faster than md5 and sha1.

So Spud are you just stupid or do I have to basically spell it out for you, md5 is slower than whirlpool and it's been compared on so many websites, whirlpool is rarely compared and is faster.

The logical one to use would be whirlpool (even if it's "longer"), I mean come on it's obvious why even try and defend your plainly "blond moment" statement.

Djkanna

Re: Password Security
« Reply #12 on: February 13, 2010, 02:11:01 PM »
Hehe CrimGame :P

I use sha512 (no, no-one told me to... Although I did get an idea of how to use random salts with it from someone else)

Use what you like that way if something should happen to go wrong you can only blame yourself :)

Spudinski

Re: Password Security
« Reply #13 on: February 13, 2010, 06:06:28 PM »
I've had it until here with you Crim to be real honest with you, I don't see the point in arguing with someone with such minimal knowledge of security.

I guess you also expect Google to render you those pages of FBI's most top secret documents on the web too, eh?
No, but I could find you a thousand websites that do comparisons that include whirlpool, but I don't have the time to waste on minimalistic things, as you surely can - I'm sure you probably already did a Google search for it, eh?

Well, also, point 0.0000002 of a second really isn't going to matter as much as the space it will use in my database, since you began to drag out the analytics parts of this, I will too.
I'm not going to argue with you when you have truly NO knowledge about large scaled systems, and how they process data. But here is a tip for you, you keep running on that shared host of yours that gets - maybe, if even - 2k unique visits a month, and then leave the real "stuff" to the people who actually know what the hell they are talking about.

Cronus

Re: Password Security
« Reply #14 on: February 13, 2010, 09:35:23 PM »
Topic Unlocked.

You can't simply get frustrated and lock topics because you think someone isn't "qualified" enough to have a part in the conversation. All parties involved need to calm down and discuss, without throwing punches. This is being DISCUSSED, not fought over.
My msn is preston__08@hotmail.com if anyone is interested, I am online frequently.