Jump to content

Changing 'password' into md5


Recommended Posts

Hey; I have in the table " users " and in the table I already have a field " passwords " is there a way in phpmyadmin to change the field into a " md5 " instead of seeing the password.... At this time I don't have a registration form for users..and wish to get this done with out using a registration form..I will input users manually.. Thanks..

Link to post
Share on other sites

In your phpmyadmin there is a option for using function when you insert something. you can find md5 there

Edited by birbal
Link to post
Share on other sites
In your phpmyadmin there is a option for using function when you insert something. you can find md5 there
Hey thanks I thought there was something there but wasn't too sure..this also can be done creating a create " Table " , " User " , " password " file...
Link to post
Share on other sites
Hey thanks I thought there was something there but wasn't too sure..this also can be done creating a create " Table " , " User " , " password " file...
Both PHP and Javascript have a function to return the MD5 hash of a string.Also MySQL has support for the functions MD5(str) and SHA2(str, hash_length).http://dev.mysql.com/doc/refman/5.5/en/enc...ml#function_md5http://dev.mysql.com/doc/refman/5.5/en/enc...l#function_sha2I do not know if any of the other database applications have support for it but they should have. I suggest to read up in their user manual. Edited by Sl0G
Link to post
Share on other sites
Both PHP and Javascript have a function to return the MD5 hash of a string.Also MySQL has support for the functions MD5(str) and SHA2(str, hash_length).http://dev.mysql.com/doc/refman/5.5/en/enc...ml#function_md5I do not know if any of the other database applications have support for it but they should have. I suggest to read up in their user manual.
Hey thanks..I am aware that php and javascript have a function to return..just wanted to make sure before I proceeded on...
Link to post
Share on other sites

It's best not to use MD5, it's old and busted. SHA-1 should be used as a minimum, for better security use one of the SHA-2 variants like SHA-256 or SHA-512. If you have the data in the database already, you can write a short script to convert everything, e.g.:

<?php$con = mysql_connect('host', 'user', 'pass') or exit(mysql_error());mysql_select_db('db_name', $con) or exit(mysql_error());$result = mysql_query('SELECT id, password FROM table') or exit(mysql_error());while ($row = mysql_fetch_assoc($result)){  mysql_query('UPDATE table SET password=\'' . hash('sha256', $row['password']) . \'' WHERE id=' . $row['id']) or exit(mysql_error());}?>

Make sure to backup your table data first, because it's not possible to undo that script. If an error happens your data won't be recoverable, you'll need to restore the backup and try it again.

Link to post
Share on other sites
It's best not to use MD5, it's old and busted. SHA-1 should be used as a minimum, for better security use one of the SHA-2 variants like SHA-256 or SHA-512. If you have the data in the database already, you can write a short script to convert everything, e.g.:
<?php$con = mysql_connect('host', 'user', 'pass') or exit(mysql_error());mysql_select_db('db_name', $con) or exit(mysql_error());$result = mysql_query('SELECT id, password FROM table') or exit(mysql_error());while ($row = mysql_fetch_assoc($result)){  mysql_query('UPDATE table SET password=\'' . hash('sha256', $row['password']) . \'' WHERE id=' . $row['id']) or exit(mysql_error());}?>

Make sure to backup your table data first, because it's not possible to undo that script. If an error happens your data won't be recoverable, you'll need to restore the backup and try it again.

Cool its just a test database right now..so any error's is not a big deal...Thanks JSG :)
Link to post
Share on other sites

Soon SHA-3 will come out. :) No idea what you are coding however I can not see any danger in using MD5 or SHA-1 for a standard website. The resources it takes to crack these using automated tools are to expensive for any amateur hacker. SHA-2 is a government developed algorithm.But if it scares you that much follow NIST who said not to use SHA-1 no more after 2010 (for government agency's). I believe that no one interested in cracking a normal sites database can afford the computational power to brute-force the hashes (strength of 2^52) not to mention that I can not see them wait several, what is it? Years for a result...

Link to post
Share on other sites
Soon SHA-3 will come out. :) No idea what you are coding however I can not see any danger in using MD5 or SHA-1 for a standard website. The resources it takes to crack these using automated tools are to expensive for any amateur hacker. SHA-2 is a government developed algorithm.But if it scares you that much follow NIST who said not to use SHA-1 no more after 2010 (for government agency's). I believe that no one interested in cracking a normal sites database can afford the computational power to brute-force the hashes (strength of 2^52) not to mention that I can not see them wait several, what is it? Years for a result...
Thanks for info this project is just for office use...only wish to create a login script..no register, users will be manually entered.... :)
Link to post
Share on other sites
No idea what you are coding however I can not see any danger in using MD5 or SHA-1 for a standard website. The resources it takes to crack these using automated tools are to expensive for any amateur hacker.
I don't really agree with that. From the Wikipedia article on MD5:
The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6Ghz Pentium4 processor (complexity of 224.1). The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16-18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.
http://bvernoux.free.fr/md5/index.php
Link to post
Share on other sites
Thanks for that link at first.However I keep standing by what I said when it comes to basic web sites and applications. Most crackers will use rainbow tables for attacks on hashed string and when it comes to that MD5, SHA-1 and SHA-2 are each others equal.Best advise I always give people is to use a strong 'cake' when they need to hash a string into a database.
Link to post
Share on other sites
Most crackers will use rainbow tables for attacks on hashed string and when it comes to that MD5, SHA-1 and SHA-2 are each others equal.
If they're equal, why would anyone choose the least secure of them? If they have the same benefits, wouldn't it simply make sense to use the most cryptographically strong one? I just don't see a reason for anyone to suggest using MD5 for anything when there are better alternatives. There's not a single reason to use MD5 over SHA-1. Yeah, you can use 8 fewer bytes to store the data, but you're trading stronger security for 8 bytes of space. It's not a question about whether or not it's "good enough" (it hasn't been good enough for years), it's a question about what are the benefits of using it. With MD5, there are no benefits.
Link to post
Share on other sites
It's best not to use MD5, it's old and busted. SHA-1 should be used as a minimum, for better security use one of the SHA-2 variants like SHA-256 or SHA-512. If you have the data in the database already, you can write a short script to convert everything, e.g.:
<?php$con = mysql_connect('host', 'user', 'pass') or exit(mysql_error());mysql_select_db('db_name', $con) or exit(mysql_error());$result = mysql_query('SELECT id, password FROM table') or exit(mysql_error());while ($row = mysql_fetch_assoc($result)){  mysql_query('UPDATE table SET password=\'' . hash('sha256', $row['password']) . \'' WHERE id=' . $row['id']) or exit(mysql_error());}?>

Make sure to backup your table data first, because it's not possible to undo that script. If an error happens your data won't be recoverable, you'll need to restore the backup and try it again.

Okay just reading over the posts..between you and SI0G, and I looked over this script you gave..if I run this it will encrypt my password to sha256???Many thanks.... Edited by 2old2learn?
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...