php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #26204 md5 challenge
Submitted: 2003-11-11 10:24 UTC Modified: 2003-11-11 12:50 UTC
From: hagman at hotbrev dot com Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: Irrelevant OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: hagman at hotbrev dot com
New email:
PHP Version: OS:

 

 [2003-11-11 10:24 UTC] hagman at hotbrev dot com 
Description:
------------
An optional parameter for MD5(), for challenge, this makes it much harder to bruteforce MD5 hashes. Crypt only supports (random) one-way hashes?

Reproduce code:
---------------
The source on this has a javascript version.

http://www.zonline.jamtland.se/login

Expected result:
----------------
more secure hashes.

Actual result:
--------------
i dunno

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-11-11 12:50 UTC] jay@php.net 
Is this keyed hashes we're talking about here? HMAC-type 
stuff? 
 
The mhash provides what you're looking for. There's also 
an example in the manual in the comments for the mhash 
function for doing keyed MD5 hashes without installing the 
mhash extension. 
 
btw, brute forcing MD5 isn't something that's particularly 
easy, keyed or otherwise.  
 
J
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Jun 11 17:01:35 2024 UTC