The next article may be the tip of the iceberg, but as I've always said, I'm a better admin than a coder. Yesterday, while I was scribbling an AJAX script, I had to send some data that I validate with a hash, because the script does not share the same $_SESSION array and things get slightly insecure. So I do the following dirty trick: for all values that are submitted by POST or GET, I make an MD5 hash of the concatenated parameters and then compare it. Overall, not a bad scheme, I think.

There are plenty of hashing algorithms for this purpose: MD5, SHA, DESC and others. So far things are clear: we will use MD5 to hash the parameters (as I do in reality). We have 3 parameters that are passed through GET, i = 1, n = 2, m = 3, and let's say the string to hash is 123, which gives us the following MD5 hash: 202cb962ac59075b964b07152d234b70. So far nothing particularly interesting. This hash will fall within a few seconds in any attack.

Here comes the salt and pepper of my simple idea. Let's say I take the first and last symbol of the string and swap their places; this way we get the hash 002cb962ac59075b964b07152d234b72, and if someone hasn't read our code to see what kind of idiocy is done in it, things get rough when trying to hack it. In reality the hash is different, and even if it is sniffed, it is extremely useless. But why stop here? We can divide the hash into several blocks: in this case MD5 is 32 characters long, and if it is divided into 4 blocks of 8 symbols and their places are moved, it becomes even more unpleasant. By far the most pleasant effect is that visually it's a standard MD5 hash, and the evil hacker can keep trying to break it as long as he wants.

I'm not good at encryption and I can't claim this is anything particularly fundamental, but I like how simple it is as an idea and implementation, and its reliability is critically high, unlike normal MD5, which breaks as a matter of course with a more capable video card.
Here is sample code for the first idea, swapping the first and last symbol: elementary code of 3 lines 🙂
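<?php
// MD5 of the concatenated parameters "123"
$str = '202cb962ac59075b964b07152d234b70';
$first = substr($str, 0, 1);   // first character
$last = substr($str, -1);      // last character
$rest = substr($str, 1, 30);   // the 30 characters in between
$hash = $last . $rest . $first; // swap the first and last characters
echo "The real hash is : $str <br> inverted hash is : $hash";
?>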
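For comparison, an added example (not the author's code): the swapped-MD5 token from the post next to a keyed check using HMAC-SHA256 with a secret that stays on the server, so validity depends on the key rather than on the transform staying unread. `SECRET_KEY`, the function names and the second parameter set are assumptions made for illustration.

```php
<?php
// Added example, not the author's code. All names below are hypothetical.

// Constructed sample secret; in practice it is loaded from server-side
// configuration and is never sent to the browser.
const SECRET_KEY = 'constructed-example-key-change-me';

// The post's scheme: MD5 of the concatenated values, first and last
// characters swapped. No secret is involved in producing the token.
function swapped_md5(array $params): string
{
    $h = md5(implode('', $params));
    return substr($h, -1) . substr($h, 1, 30) . substr($h, 0, 1);
}

// Keyed alternative: HMAC-SHA256 over a canonical encoding that keeps
// parameter names and value boundaries (i=1&m=3&n=2).
function sign_params(array $params, string $key): string
{
    ksort($params); // fixed order, independent of how the request was built
    return hash_hmac('sha256', http_build_query($params), $key);
}

// Recompute the tag on the server and compare in constant time.
function verify_params(array $params, string $tag, string $key): bool
{
    return hash_equals(sign_params($params, $key), $tag);
}

// The post's parameters, plus a constructed set whose values concatenate
// to the same string "123".
$params = ['i' => '1', 'n' => '2', 'm' => '3'];
$other  = ['i' => '12', 'n' => '', 'm' => '3'];

// Plain concatenation drops names and boundaries, so both sets map to
// one token under the post's scheme.
var_dump(swapped_md5($params));
var_dump(swapped_md5($params) === swapped_md5($other));

// The HMAC tag is bound to the exact names and values and to the key.
$tag = sign_params($params, SECRET_KEY);
var_dump(verify_params($params, $tag, SECRET_KEY));
var_dump(verify_params($other, $tag, SECRET_KEY));
```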
http://www.youtube.com/watch?v=Fvje9dzBHPM