md5 hash tuning

The following article may be the height of stupidity, but as I have always said, I am a better admin than a coder. Yesterday, while scribbling an AJAX script, I had to send some data that I validate with a hash, because the script does not share the same $_SESSION array and things get slightly insecure. So I do the following dirty trick: for all parameters passed via POST or GET, I compute an md5 hash of the concatenated parameters and then compare it. On the whole, not a bad scheme, I think. There are plenty of hashing algorithms for this purpose: MD5, SHA, DESC and others.

So far things are clear: we will use MD5 to hash the parameters (as I do in reality). We have 3 parameters passed through GET, i = 1, n = 2, m = 3, so the string to hash is 123, which gives the MD5 hash 202cb962ac59075b964b07152d234b70. So far nothing especially interesting. This hash will fall in a few seconds in any attack. Here comes the salt and pepper of my simple idea. Let's say I take the first and last characters of the string and swap their places. This way we get the hash 002cb962ac59075b964b07152d234b72, and for someone who hasn't read our code and seen what kind of idiocy is being done, things get rough when trying to hack it. In reality, the hash is different, and even if it is sniffed, it is extremely useless. But why stop here? We can divide the hash into several blocks. MD5 is 32 characters long, so if it is divided into 4 blocks of 8 characters and the blocks are moved around, it becomes even more unpleasant. By far the most pleasant effect is that visually it is a standard md5 hash, and the evil hacker can try to break it for as long as he wants.

I'm not good at encryption and I can't claim this is anything fundamental, but I like how simple it is as an idea and as an implementation, and the resulting robustness is critically high, unlike normal MD5, which a decent video card breaks as a matter of course.

Here is sample code for the first idea, swapping the first and last characters: elementary code of 3 lines 🙂


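<?php
// MD5 of the string "123" (parameters i=1, n=2, m=3 concatenated)
$original = '202cb962ac59075b964b07152d234b70';

$first = substr($original, 0, 1);   // first character
$last  = substr($original, -1);     // last character
$rest  = substr($original, 1, 30);  // the 30 characters in between
$hash  = $last . $rest . $first;    // swap first and last
echo "The real hash is : $original <br> inverted hash is : $hash";

?>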
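The second idea above (four 8-character blocks moved around) next to a keyed HMAC check of the same parameters, as an added example that is not the author's code. The block order, the key value and the function names are assumptions made for illustration; the rearrangement involves no secret, whereas the HMAC tag depends on a key that never leaves the server.

```php
<?php
// Added example, not the author's code. All names and values here are hypothetical.

const BLOCK_ORDER = [2, 0, 3, 1];                      // assumed block permutation
const SECRET_KEY  = 'constructed-demo-key-change-me';  // placeholder, server-side only

// The article's second idea: MD5 of the concatenated parameters,
// split into 4 blocks of 8 hex characters, then rearranged.
function shuffled_md5(array $params): string
{
    $blocks = str_split(md5(implode('', $params)), 8);
    $out = '';
    foreach (BLOCK_ORDER as $i) {
        $out .= $blocks[$i];
    }
    return $out;
}

// Keyed alternative: HMAC-SHA256 over a canonical, delimited encoding.
function hmac_tag(array $params): string
{
    ksort($params);   // same tag regardless of parameter order
    return hash_hmac('sha256', http_build_query($params), SECRET_KEY);
}

// Verification with a constant-time comparison.
function verify(array $params, string $tag): bool
{
    return hash_equals(hmac_tag($params), $tag);
}

$params = ['i' => '1', 'n' => '2', 'm' => '3'];        // the article's sample values
echo 'plain md5    : ', md5(implode('', $params)), PHP_EOL;
echo 'shuffled md5 : ', shuffled_md5($params), PHP_EOL;

// Bare concatenation is ambiguous: i=12, n=3 also yields the string "123",
// so both parameter sets produce the same shuffled tag.
$other = ['i' => '12', 'n' => '3'];
var_dump(shuffled_md5($other) === shuffled_md5($params));

// The HMAC tag covers names and delimiters, so only the original set verifies.
$tag = hmac_tag($params);
var_dump(verify($params, $tag));
var_dump(verify($other, $tag));
```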
