Jump to content

Changing 'password' into md5

2old2learn?

By 2old2learn?
in SQL

Recommended Posts

2old2learn? Member

2old2learn?

Posted
Posted

Hey; I have in the table " users " and in the table I already have a field " passwords " is there a way in phpmyadmin to change the field into a " md5 " instead of seeing the password.... At this time I don't have a registration form for users..and wish to get this done with out using a registration form..I will input users manually.. Thanks..

Link to comment
Share on other sites
birbal Devoted Member

birbal

Posted
Posted

In your phpmyadmin there is a option for using function when you insert something. you can find md5 there

Link to comment
Share on other sites
2old2learn? Member

2old2learn?

Posted
  • Author
Posted
In your phpmyadmin there is a option for using function when you insert something. you can find md5 there
Hey thanks I thought there was something there but wasn't too sure..this also can be done creating a create " Table " , " User " , " password " file...
Link to comment
Share on other sites
Sl0G Newbie

Sl0G

Posted
Posted
Hey thanks I thought there was something there but wasn't too sure..this also can be done creating a create " Table " , " User " , " password " file...
Both PHP and Javascript have a function to return the MD5 hash of a string.Also MySQL has support for the functions MD5(str) and SHA2(str, hash_length).http://dev.mysql.com/doc/refman/5.5/en/enc...ml#function_md5http://dev.mysql.com/doc/refman/5.5/en/enc...l#function_sha2I do not know if any of the other database applications have support for it but they should have. I suggest to read up in their user manual.
Link to comment
Share on other sites
2old2learn? Member

2old2learn?

Posted
  • Author
Posted
Both PHP and Javascript have a function to return the MD5 hash of a string.Also MySQL has support for the functions MD5(str) and SHA2(str, hash_length).http://dev.mysql.com/doc/refman/5.5/en/enc...ml#function_md5I do not know if any of the other database applications have support for it but they should have. I suggest to read up in their user manual.
Hey thanks..I am aware that php and javascript have a function to return..just wanted to make sure before I proceeded on...
Link to comment
Share on other sites
2old2learn? Member

2old2learn?

Posted
  • Author
Posted

Hey Okay I found how to do it the encryption thru phpMyAdmin..will make these changes once I get home from work..thanks all...as usual.... :)

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

It's best not to use MD5, it's old and busted. SHA-1 should be used as a minimum, for better security use one of the SHA-2 variants like SHA-256 or SHA-512. If you have the data in the database already, you can write a short script to convert everything, e.g.:

<?php$con = mysql_connect('host', 'user', 'pass') or exit(mysql_error());mysql_select_db('db_name', $con) or exit(mysql_error());$result = mysql_query('SELECT id, password FROM table') or exit(mysql_error());while ($row = mysql_fetch_assoc($result)){  mysql_query('UPDATE table SET password=\'' . hash('sha256', $row['password']) . \'' WHERE id=' . $row['id']) or exit(mysql_error());}?>

Make sure to backup your table data first, because it's not possible to undo that script. If an error happens your data won't be recoverable, you'll need to restore the backup and try it again.

Link to comment
Share on other sites
2old2learn? Member

2old2learn?

Posted
  • Author
Posted
It's best not to use MD5, it's old and busted. SHA-1 should be used as a minimum, for better security use one of the SHA-2 variants like SHA-256 or SHA-512. If you have the data in the database already, you can write a short script to convert everything, e.g.:
<?php$con = mysql_connect('host', 'user', 'pass') or exit(mysql_error());mysql_select_db('db_name', $con) or exit(mysql_error());$result = mysql_query('SELECT id, password FROM table') or exit(mysql_error());while ($row = mysql_fetch_assoc($result)){  mysql_query('UPDATE table SET password=\'' . hash('sha256', $row['password']) . \'' WHERE id=' . $row['id']) or exit(mysql_error());}?>

Make sure to backup your table data first, because it's not possible to undo that script. If an error happens your data won't be recoverable, you'll need to restore the backup and try it again.

Cool its just a test database right now..so any error's is not a big deal...Thanks JSG :)
Link to comment
Share on other sites
Sl0G Newbie

Sl0G

Posted
Posted

Soon SHA-3 will come out. :) No idea what you are coding however I can not see any danger in using MD5 or SHA-1 for a standard website. The resources it takes to crack these using automated tools are to expensive for any amateur hacker. SHA-2 is a government developed algorithm.But if it scares you that much follow NIST who said not to use SHA-1 no more after 2010 (for government agency's). I believe that no one interested in cracking a normal sites database can afford the computational power to brute-force the hashes (strength of 2^52) not to mention that I can not see them wait several, what is it? Years for a result...

Link to comment
Share on other sites
2old2learn? Member

2old2learn?

Posted
  • Author
Posted
Soon SHA-3 will come out. :) No idea what you are coding however I can not see any danger in using MD5 or SHA-1 for a standard website. The resources it takes to crack these using automated tools are to expensive for any amateur hacker. SHA-2 is a government developed algorithm.But if it scares you that much follow NIST who said not to use SHA-1 no more after 2010 (for government agency's). I believe that no one interested in cracking a normal sites database can afford the computational power to brute-force the hashes (strength of 2^52) not to mention that I can not see them wait several, what is it? Years for a result...
Thanks for info this project is just for office use...only wish to create a login script..no register, users will be manually entered.... :)
Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted
No idea what you are coding however I can not see any danger in using MD5 or SHA-1 for a standard website. The resources it takes to crack these using automated tools are to expensive for any amateur hacker.
I don't really agree with that. From the Wikipedia article on MD5:
The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6Ghz Pentium4 processor (complexity of 224.1). The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16-18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.
http://bvernoux.free.fr/md5/index.php
Link to comment
Share on other sites
Sl0G Newbie

Sl0G

Posted
Posted
Thanks for that link at first.However I keep standing by what I said when it comes to basic web sites and applications. Most crackers will use rainbow tables for attacks on hashed string and when it comes to that MD5, SHA-1 and SHA-2 are each others equal.Best advise I always give people is to use a strong 'cake' when they need to hash a string into a database.
Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted
Most crackers will use rainbow tables for attacks on hashed string and when it comes to that MD5, SHA-1 and SHA-2 are each others equal.
If they're equal, why would anyone choose the least secure of them? If they have the same benefits, wouldn't it simply make sense to use the most cryptographically strong one? I just don't see a reason for anyone to suggest using MD5 for anything when there are better alternatives. There's not a single reason to use MD5 over SHA-1. Yeah, you can use 8 fewer bytes to store the data, but you're trading stronger security for 8 bytes of space. It's not a question about whether or not it's "good enough" (it hasn't been good enough for years), it's a question about what are the benefits of using it. With MD5, there are no benefits.
Link to comment
Share on other sites
2old2learn? Member

2old2learn?

Posted
  • Author
Posted
It's best not to use MD5, it's old and busted. SHA-1 should be used as a minimum, for better security use one of the SHA-2 variants like SHA-256 or SHA-512. If you have the data in the database already, you can write a short script to convert everything, e.g.:
<?php$con = mysql_connect('host', 'user', 'pass') or exit(mysql_error());mysql_select_db('db_name', $con) or exit(mysql_error());$result = mysql_query('SELECT id, password FROM table') or exit(mysql_error());while ($row = mysql_fetch_assoc($result)){  mysql_query('UPDATE table SET password=\'' . hash('sha256', $row['password']) . \'' WHERE id=' . $row['id']) or exit(mysql_error());}?>

Make sure to backup your table data first, because it's not possible to undo that script. If an error happens your data won't be recoverable, you'll need to restore the backup and try it again.

Okay just reading over the posts..between you and SI0G, and I looked over this script you gave..if I run this it will encrypt my password to sha256???Many thanks....
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...