Thread: Encryption
-
09-01-2004, 01:34 PM #1 Web Hosting Guru (Join Date: Jun 2002; Posts: 302)
Encryption
I am looking for a way to decrypt information in a way that would make it retrievable only given a specific string key used to decrypt it. I want to incorporate this kind of encryption into a php application. Is there a simple way to do this?
-
09-01-2004, 01:36 PM #2 Web Hosting Evangelist (Join Date: May 2002; Location: Durham - UK; Posts: 450)
For a secure encryption this is not going to be possible, although it would be a very useful function if it was available.
Barry
UK Based Freelance PHP Developer
PHP/SQL/Ajax/HTML5 - Contact for Quote
-
09-01-2004, 05:04 PM #3 Junior Guru Wannabe (Join Date: Jul 2004; Posts: 78)
What's wrong with using mcrypt?
http://us4.php.net/mcrypt
-c
-
09-01-2004, 05:13 PM #4 Junior Guru Wannabe (Join Date: Aug 2004; Location: Miami; Posts: 65)
* mcrypt works fine for crypt/decrypt (remember to check if the hosting has the extension installed; it doesn't install by default)
* mhash works fine for crypt/decrypt but it has the same problem that mcrypt does.
* pear has some good hash functions that allow you to encrypt/decrypt without the actual need of compiling php with it. - http://pear.php.net/packages.php?cat...ame=Encryption (There are several encryption levels like CBC, HMAC, RCA. The benefit is that it doesn't require php extensions; the drawback is that it is a bit slower - although for personal tests it's not very significant)
Another alternative is md5 (it actually doesn't decrypt it but rather compares it)
E.g.: You have some string encrypted with md5 - something like xx3fds34gfdgfdgd543dfsfsdfs - and what you do is not decrypt it but actually compare the md5 of the string to the encrypted value rather than decrypting, and it will return true or false if it's good or wrong. If what you are looking for is a login system, md5 is the way to go; that's what professional scripts like vBulletin, etc. do... rather than decrypting it, they compare the md5s.
-
09-01-2004, 06:48 PM #5 Junior Guru Wannabe (Join Date: Jul 2004; Posts: 78)
Please don't confuse a cipher with a hash. A cipher will rely on a 'key' while a hash will rely on a seed. You can't get back what you hash, like ezCore said, you have to compare.
Also mhash is nothing like mcrypt, it is just what it says, a hash it does not encrypt/decrypt so i don't see how you can compare the two.
If you really want to encrypt/decrypt stuff, stick with a real algorithm like 3DES or one of the 'fishes. If you want to hash, MD5 is a great choice. If you post up your requirements for security/speed/ease of use, I can assist you in choosing an algorithm.
-c
-
09-01-2004, 08:05 PM #6 Web Hosting Master (Join Date: Jun 2002; Location: San Diego, California; Posts: 788)
You can *very* easily get back a hash, you just have to know how to do it.
-
09-01-2004, 09:09 PM #7 Web Hosting Master (Join Date: Dec 2002; Posts: 1,304)
Ok then, tough guy.
My root password md5hash is:
3b7188536f24d6807242f12e0b18f9c8
Figure it out, and I will tell you the IP of the machine. I also have a personal message in there for you should you find it.
BTW this is my 666th post... eeeeee!
"The only difference between a poor person and a rich person is what they do in their spare time."
"If youth is wasted on the young, then retirement is wasted on the old"
-
09-01-2004, 09:51 PM #8 Aspiring Evangelist (Join Date: Dec 2002; Posts: 376)
Originally posted by Tee
You can *very* easily get back a hash, you just have to know how to do it.
You can't go a -> skljl34jlja3ljj3a -> a
you have to go.
if(md5(1) = skljl34jlja3ljj3a)( YAY!)
if(md5(2) = skljl34jlja3ljj3a)( YAY!)
if(md5(3) = skljl34jlja3ljj3a)( YAY!)
if(md5(4) = skljl34jlja3ljj3a)( YAY!)
and so on through the whole alphabet.
You can't just decode hashes; you have to break them.
-
09-01-2004, 10:07 PM #9 Web Hosting Master (Join Date: Dec 2002; Posts: 1,304)
So, to sum up what he said: basically a brute-force attack.
Why not just brute-force the password itself, not its hash?
This shows the useful nature and security of hashing.
-
09-02-2004, 02:51 AM #10 Junior Guru Wannabe (Join Date: Feb 2003; Location: Seattle, WA; Posts: 33)
There have been programs created which "decrypt" md5 hashes in about 40 minutes, however the data files they use are approx 45gb last time I checked, and are not available to the public (although you can submit an md5 to be decrypted).
Notice I put "decrypt" in quotes, because that's not really what it's doing. Any number of different things can evaluate to the same md5 hash. What the program really does is find a string that, when md5 encoded, will evaluate to that hash. The easy solution to this problem is to include a salt, which makes the whole process much more difficult to break. So basically, instead of:
PHP Code:
$password = "blah";
$hash = md5($password);
// compare the hash of the supplied password with the stored hash
if (md5($password) === $hash)
{
echo "yay!";
}
PHP Code:
$password = "blah";
$salt = "decodethis!";
$hash = md5($password.$salt);
// the same salt must be appended at verification time
if (md5($password.$salt) === $hash)
{
echo "yay!";
}
BTW the md5 thing was slashdotted, you can find more info at this page
-
09-02-2004, 02:52 AM #11 Web Hosting Guru (Join Date: Jun 2002; Posts: 302)
Originally posted by white_2kgt
...If you really want to encrypt/decrypt stuff stick with a real algorithm like 3DES or one of the 'fishes. If you want to hash, MD5 is a great choice. If you post up your requirements for security/speed/ease of use I can assist you in choosing an algorighm.
-c
What I am looking for is not something like MD5 but a way to store information securely so that even if someone breaks into my database they won't be able to read what they find (or at least won't be able to do so easily). The idea is to allow users to store personal information only they can access, with a secret key that would make the information available to them only.
The encryption should be reasonably hard to break, but since users are not supposed to store sensitive information such as credit card numbers, ease of use and speed are more important than total security. I don't think anybody will ever bother to try to break into my database -- I just want to make users feel they don't have to worry too much about storing information on the system.
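An added example that is not part of the thread, showing one way to meet the requirement just stated (data readable only to the user who holds the secret string, and unreadable in a dumped database) in PHP. It assumes PHP 7.2 or later with the bundled sodium extension; mcrypt, recommended earlier in the thread, was removed from PHP in 7.2. The key is derived from the user's secret with Argon2id and a random per-record salt, and nothing derived from the secret is stored, so there is no server-side key to protect; the trade-off is that a forgotten secret means unrecoverable data. Function names, the storage layout and the sample strings are this example's own choices.

```php
<?php
declare(strict_types=1);

// Added example (not code from the thread). Assumes PHP >= 7.2 with the bundled
// sodium extension. Layout of a stored record: salt || nonce || ciphertext, base64.
// The key exists only while a request is being served and is derived from the
// user's secret string, so a copy of the database alone is useless.

/** Derive a 32-byte key from the user's secret with Argon2id (interactive limits). */
function derive_key(string $secret, string $salt): string
{
    return sodium_crypto_pwhash(
        SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
        $secret,
        $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

/** Encrypt one record under the user's secret; the result is safe to put in a TEXT column. */
function seal_record(string $secret, string $plaintext): string
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);      // new salt per record
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);  // new nonce per record
    $key   = derive_key($secret, $salt);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key); // XSalsa20 + Poly1305 tag
    sodium_memzero($key);
    return base64_encode($salt . $nonce . $box);
}

/** Decrypt a stored record; null if the secret is wrong or the record was altered. */
function open_record(string $secret, string $stored): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_PWHASH_SALTBYTES + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $salt  = substr($raw, 0, SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = substr($raw, SODIUM_CRYPTO_PWHASH_SALTBYTES, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_PWHASH_SALTBYTES + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_key($secret, $salt);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);  // false if the tag fails
    sodium_memzero($key);
    return $plain === false ? null : $plain;
}

// --- demo on constructed data ---
$secret = 'correct horse battery staple';   // the user's string key, never stored
$stored = seal_record($secret, 'my private notes');

if (open_record($secret, $stored) !== 'my private notes') {
    throw new RuntimeException('round trip failed');
}
if (open_record('wrong secret', $stored) !== null) {
    throw new RuntimeException('a wrong secret must not decrypt');
}
// Flip one bit of the stored ciphertext: the Poly1305 tag no longer verifies.
$raw = base64_decode($stored, true);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
if (open_record($secret, base64_encode($raw)) !== null) {
    throw new RuntimeException('a modified record must be rejected');
}
echo "all checks passed\n";
```

Because the cipher is authenticated, a tampered record or a wrong secret fails cleanly instead of yielding garbage, which is the property a plain mcrypt CBC call does not give you. The per-record salt means two users with the same secret still get unrelated keys, and the Argon2id cost makes offline guessing of the secret against a dumped table slow.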
-
09-02-2004, 03:28 AM #12 Web Hosting Master (Join Date: Jun 2002; Location: San Diego, California; Posts: 788)
http://eprint.iacr.org/2004/199.pdf *cough* ahem. Oh, BTW innova, I'll be PMing you shortly.
-
09-02-2004, 12:48 PM #13 Aspiring Evangelist (Join Date: Dec 2002; Posts: 376)
Originally posted by BluParadox
There have been programs created which "decrypt" md5 hashes in about 40 minutes, however the data files they use are approx 45gb last time I checked, and are not available to the public (although you can submit an md5 to be decrypted).
Notice I put "decrypt" in quotes, because that's not really what it's doing. Any number of different things can evaluate to the same md5 hash. What the program really does is find a string that, when md5 encoded, will evaluate to that hash. The easy solution to this problem is to include a salt, which makes the whole process much more difficult to break. So basically, instead of:
BTW the md5 thing was slashdotted, you can find more info at this page
-
09-02-2004, 02:58 PM #14 Junior Guru Wannabe (Join Date: Aug 2004; Location: Miami; Posts: 65)
Go for an encrypt/decrypt function available at php's pear and you will be fine. Ignore all the rest.
-
09-02-2004, 03:07 PM #15 Junior Guru Wannabe (Join Date: Feb 2003; Location: Seattle, WA; Posts: 33)
Originally posted by f0urtyfive
That program is just a brute force attack that is stored into a database. Since you can go through the database faster than you could generate the hashes, it is slightly faster than just a normal brute force, but it won't break every hash (well, it would, but it would take petabytes and thousands of years with current processing strength). It still won't break a strong password.
-
09-02-2004, 03:33 PM #16 Junior Guru (Join Date: Jan 2003; Location: Europe; Posts: 234)
That's not a brute force; that's a dictionary-based attack.
-
09-02-2004, 04:54 PM #17 Junior Guru Wannabe (Join Date: Jul 2004; Posts: 78)
innova, no one will be able to tell you what your 'password' is, but we can get another string that will hash to that string, quite easily as a matter of fact. Your password might be '!u&tGn' but using a brute force method you might get 'aaatrhh' that when MD5'd will result in '!u&tGn'; either 'aaatrhh' or your 'real' root password would let me in the system. This was a problem with message boards that used the php md5 function: if there were the same members on 2 different boards and one board admin brute-force attacked the hash of a member on his board, he could take the result and log in as that user on another message board. This is one reason why vBulletin has added a 'salt' to their password hash function; even if the password is the same the salt won't be, and it is unique to each board, making the process harder. I'd suggest changing your root password.
Originally posted by okok
Thank you white_2kgt and ezCore.
What I am looking for is not something like MD5 but a way to store information securely so that even if someone breaks into my database they won't be able to read what they find (or at least won't be able to do so easily). The idea is to allow users to store personal information only they can access, with a secret key that would make the information available to them only.
The encryption should be reasonably hard to break, but since users are not supposed to store sensitive information such as credit card numbers, ease of use and speed are more important than total security. I don't think anybody will ever bother to try to break into my database -- I just want to make users feel they don't have to worry too much about storing information on the system.
-c
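The point made in this post and in the salt post above (#10), as an added example in PHP that is not from the thread: a constructed four-entry lookup table standing in for the large precomputed tables mentioned earlier, the legacy unsalted md5 that such a table reverses in one lookup, the salted variant that defeats it, and password_hash()/password_verify() (PHP 5.5 and later), which add a random per-user salt and a deliberately slow algorithm. It needs no extensions; function names and the sample passwords are this example's own.

```php
<?php
declare(strict_types=1);

// Added example (not code from the thread). Shows why a stolen unsalted MD5 is
// reversible by table lookup, why a per-board or per-user salt stops that, and
// how password_hash()/password_verify() do salting and a slow hash for you.
// Requires PHP >= 7.1 (nullable return types); no extensions needed.

/** Constructed stand-in for the multi-gigabyte precomputed tables discussed above. */
function build_table(array $words): array
{
    $table = [];
    foreach ($words as $w) {
        $table[md5($w)] = $w;   // hash => preimage
    }
    return $table;
}

/** One lookup instead of a brute force: returns a preimage or null. */
function crack_unsalted(string $hash, array $table): ?string
{
    return $table[$hash] ?? null;
}

/** What an early-2000s board stored: the same password always gives the same hash. */
function legacy_hash(string $password): string
{
    return md5($password);
}

/** The fix proposed in the thread: mix in a salt that differs per board (or per user). */
function salted_hash(string $password, string $salt): string
{
    return md5($password . $salt);
}

/** Current practice: random per-user salt, slow algorithm, self-describing output. */
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $password, string $stored): bool
{
    return password_verify($password, $stored);   // constant-time comparison inside
}

// --- demo on constructed data ---
$table = build_table(['123456', 'password', 'letmein', 'qwerty']);

// 1. Unsalted: the hash leaked from board A is reversed instantly, and the
//    recovered string also logs in to board B if the user reused the password.
$leaked = legacy_hash('letmein');
if (crack_unsalted($leaked, $table) !== 'letmein') {
    throw new RuntimeException('table lookup should succeed on an unsalted hash');
}

// 2. Salted: the same password gives different hashes on the two boards and
//    neither appears in the table; the attacker must rebuild it per salt.
$onA = salted_hash('letmein', 'salt-of-board-A');
$onB = salted_hash('letmein', 'salt-of-board-B');
if ($onA === $onB || crack_unsalted($onA, $table) !== null) {
    throw new RuntimeException('salted hashes should differ and miss the table');
}

// 3. password_hash(): a fresh random salt every call, so two users (or two
//    boards) with the same password never share a hash, and verification
//    is the only supported operation.
$stored = store_password('letmein');
if (!check_password('letmein', $stored) || check_password('letmein!', $stored)) {
    throw new RuntimeException('password_verify mismatch');
}
if ($stored === store_password('letmein')) {
    throw new RuntimeException('two hashes of the same password should differ');
}
echo "all checks passed\n";
```

A per-board salt stops the cross-board reuse described in this post, but a single salt shared by all users still lets an attacker build one table per board; a salt that is random per user, as password_hash() generates, forces one table per account, and the slow algorithm makes even that expensive.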
-
09-02-2004, 07:09 PM #18 Web Hosting Master (Join Date: Dec 2002; Posts: 1,304)
Let's take this thread further, as it really clears up some nice things.
I know that there are collisions in MD5; in terms of probability it is guaranteed there are a LOT of collisions.
What the other guy refers to is a huge table of known MD5 hashes and the strings that produced them. Essentially a massive brute-force effort; I was wondering when/if someone would generate such a list.
That isn't my root password, BTW - just trying to get you all excited.
As for storing data securely.. it's obvious that hash functions aren't intended for this purpose.
So, you are left with 2 options:
1) Private-key (symmetric)
2) Public-key
Private key
The main issue with symmetric encryption is that you must store your encryption key on the server itself (so it can encrypt your data). Storing a key in plaintext is not much better than not encrypting at all.
So let's say we have a php/mysql implementation. How about storing your key compiled to bytecode in a script using Zend/ionCube? Can someone comment on the safety of doing so?
A problem that I can think of with doing this is, let's say someone got root, and downloaded your sql data (encrypted) and your php scripts that encrypt/decrypt your sql data. Is it possible to exploit the compiled bytecode script to decode your data? I am just tossing this out there as I do not really know the answer. Hopefully someone can share their wisdom.
Public Key
Most common example I think is GPG/PGP. Your data is encrypted using a public key that was generated from your private key. The public key can be posted anywhere you want.. billboard, t-shirt, etc. Hand it out.
When you want to decrypt the data, you will need to use your private key to do so. Lots of people send the protected data via email and decrypt it privately offline with their private key. Think about this - you don't want your private key stored on the server or else the whole system falls apart.
Food for thought. Hope we can continue this talk.
-
09-02-2004, 08:36 PM #19 Web Hosting Master (Join Date: Oct 2003; Location: Georgetown, Ontario; Posts: 1,771)
If you think md5 hashes can't be broken down into the original string, you're somewhat right and somewhat wrong.
http://slashdot.org/articles/04/08/1...&tid=1&tid=218
Scary stuff.
Repeat after me... ProSupport is the best... ProSupport is...
ProSupport Host Support System - OUT NOW! Grab a copy yourself and see what the hype is about!
VertiHost Inc. - We run a quality business. Do you?
-
09-02-2004, 08:43 PM #20 Web Hosting Master (Join Date: Jun 2002; Location: San Diego, California; Posts: 788)
An application has been created based on that guy's methods called "md5col" that can get all the collisions for an MD5 in less than 40 mins no matter what the length. The MD5 algorithm is now pretty much useless except against script kiddies; any "real" hacker could easily get past it. I personally hope a new, better-quality hash algorithm will be created in the next year or so; it's really needed at this point.
-
09-02-2004, 10:50 PM #21 Junior Guru Wannabe (Join Date: Jul 2004; Posts: 78)
innova, while you have the basics down, you're missing a fundamental aspect of public key encryption. In almost every implementation of PKE a symmetric key is still used. The symmetric key is used to encrypt the data and then the sender's private key is used to encrypt the symmetric key, and both are transferred. At the other end the key is decrypted with the sender's public key and then the message is decrypted with the symmetric key.
This is done because PKE is slow, very slow for encrypting large amounts of data. You would not want to encrypt your database fields using PKE for delivery over the web. This brings us back to the key management problem of storing a key on a server. This is the very problem that exists in the encryption world today. There is no easy solution; even in compiled code the key is still stored in a relatively easy format to extract, esp. if you know where to look. The only real solution to solving this problem is using a third party hardware device to store the key.
In the past I have used nCipher HSMs. They provide you with a piece of hardware that will hang off the network or attach directly to the server via a SCSI interface. The keys are protected either by the module (if you are doing web transactions) or by smart cards (if you are doing peer-to-peer transactions); actually they are always protected by the module, but the smart card unlocks a 'token' that allows the use of the key, but that's neither here nor there. The advantage of using this device is even if someone does hack your server and downloads your database and each and every file on the server, it will be useless to them because the hardware module contains the key and it is required to decrypt the data. Key management problem solved.
Now I realize this is impractical for most people as the cheapest device is around $10k (American). For a transaction processing system on a tight budget, system security is usually your only option, hence why so many people here are system security zealots.
-c
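An added example, not from the thread, of the hybrid layout just described (a symmetric key for the data, public-key cryptography for the key) using libsodium's sealed boxes in PHP 7.2 or later with the bundled sodium extension. sodium_crypto_box_seal() generates an ephemeral X25519 key pair, derives a symmetric key from it and the recipient's public key, encrypts the payload with XSalsa20-Poly1305, and prepends the ephemeral public key; the web server is given only the recipient's public key, and the matching private key opens the records offline, which is the arrangement innova described for GPG. Function names and the sample record are this example's own choices.

```php
<?php
declare(strict_types=1);

// Added example (not code from the thread). Assumes PHP >= 7.2 with the
// bundled sodium extension. sodium_crypto_box_seal() is a hybrid scheme: an
// ephemeral X25519 keypair agrees a symmetric key with the recipient's public
// key, the payload is encrypted with XSalsa20-Poly1305, and the ephemeral
// public key travels with the ciphertext. Only the recipient's public key is
// deployed, so a copy of the server plus database cannot be decrypted there.

/** Run once, offline. Returns [publicKey, secretKey]; only publicKey is deployed. */
function make_keypair(): array
{
    $kp = sodium_crypto_box_keypair();
    return [sodium_crypto_box_publickey($kp), sodium_crypto_box_secretkey($kp)];
}

/** Web-server side: encrypt a record for later offline processing. */
function server_encrypt(string $publicKey, string $plaintext): string
{
    return base64_encode(sodium_crypto_box_seal($plaintext, $publicKey));
}

/** Offline side: open a record with the private key; null on any failure. */
function offline_decrypt(string $publicKey, string $secretKey, string $stored): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < SODIUM_CRYPTO_BOX_SEALBYTES) {
        return null;
    }
    $kp = sodium_crypto_box_keypair_from_secretkey_and_publickey($secretKey, $publicKey);
    $plain = sodium_crypto_box_seal_open($raw, $kp);   // false if the key or tag is wrong
    return $plain === false ? null : $plain;
}

// --- demo on constructed data ---
[$pub, $sec] = make_keypair();                       // $sec never goes to the server
$note   = 'card on file: none; notes: prefers email'; // constructed sample record
$record = server_encrypt($pub, $note);

// Two encryptions of the same plaintext differ (fresh ephemeral key each time).
if ($record === server_encrypt($pub, $note)) {
    throw new RuntimeException('sealed boxes must be randomised');
}

// Only the matching private key opens it.
if (offline_decrypt($pub, $sec, $record) !== $note) {
    throw new RuntimeException('round trip failed');
}
[$otherPub, $otherSec] = make_keypair();
if (offline_decrypt($otherPub, $otherSec, $record) !== null) {
    throw new RuntimeException('a different private key must not open the record');
}
echo "all checks passed\n";
```

This solves the storage half of the problem the post raises: nothing on the server can decrypt. It does not let the web application read the data back for the user, so it fits write-only flows (orders queued for offline processing, audit records) rather than data the site must display; for the latter, a key derived from the user's own secret or a hardware module, as the post says, is what remains.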
-
09-03-2004, 01:21 AM #22 Web Hosting Evangelist (Join Date: Mar 2004; Location: New Zealand; Posts: 532)
Originally posted by Tee
An application has been created based on that guy's methods called "md5col" that can get all the collisions for an MD5 in less than 40 mins no matter what the length. The MD5 algorithm is now pretty much useless except against script kiddies; any "real" hacker could easily get past it. I personally hope a new, better-quality hash algorithm will be created in the next year or so; it's really needed at this point.
MD5 is not useless; the user still has to KNOW the md5 to be able to generate collisions, and frankly if they have enough access to find that out then you have bigger problems, laddie.
-
09-03-2004, 02:30 AM #23 Web Hosting Master (Join Date: Jun 2002; Location: San Diego, California; Posts: 788)
gogocode:
They could easily get an md5 hash for a superuser on a forum / phpnuke site etc...
-
09-03-2004, 10:08 AM #24 Web Hosting Master (Join Date: Dec 2002; Posts: 1,304)
even in compiled code the key is still stored in a relatively easy format to extract, esp. if you know where to look
I admit that my underlying assumption is that you cannot, at least directly, "decompile" a compiled script, as it exists in machine code.
Now, I also realize that via analysis someone could work out what your script does.. function calls.. but it's a far cry from simply extracting the original code, and if they knew how to do this they could more easily duplicate your coding efforts.
That piece of information doesn't solve the key storage dilemma though.. so could you or someone elaborate how you might use / extract a key inside a php script compiled into bytecode? Pretty important topic.. I see a lot of people doing this and I have been assured by more than a couple "developers" that this is bulletproof.. of course I tend to sway to the skeptical side.
-
09-03-2004, 10:21 AM #25 Junior Guru (Join Date: Jan 2003; Location: Europe; Posts: 234)
One more idea is to spread the info over a few boxes, each containing only a part of the info needed to decrypt the data, so the hacker will have to hack all boxes.
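The idea in this last post, as an added example that is not from the thread: XOR secret splitting in PHP (no extensions needed), which splits a key into n shares, one per box, so that all n boxes must be compromised before the key is recoverable; each box on its own holds uniformly random bytes. Function names are this example's own. The caveat a practitioner wants: this is n-of-n, so losing any one box loses the key; tolerating a lost box needs a threshold scheme such as Shamir's, which this example does not implement.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). XOR secret splitting: the key is split
// into n same-length shares whose XOR is the key. Any n-1 shares are
// independent uniform random bytes and reveal nothing; all n are required.

/** Split $key into $n shares; the key is the XOR of all of them. */
function split_key(string $key, int $n): array
{
    if ($n < 2) {
        throw new InvalidArgumentException('need at least two shares');
    }
    $shares = [];
    $last = $key;
    for ($i = 1; $i < $n; $i++) {
        $r = random_bytes(strlen($key));   // independent random share
        $shares[] = $r;
        $last ^= $r;                        // PHP string XOR, byte by byte
    }
    $shares[] = $last;                      // key XOR r1 XOR ... XOR r(n-1)
    return $shares;
}

/** Recombine. A wrong or missing share yields a wrong key, not an error. */
function join_key(array $shares): string
{
    if ($shares === []) {
        throw new InvalidArgumentException('no shares');
    }
    $len = strlen($shares[0]);
    $key = str_repeat("\0", $len);
    foreach ($shares as $s) {
        if (strlen($s) !== $len) {
            throw new InvalidArgumentException('share length mismatch');
        }
        $key ^= $s;
    }
    return $key;
}

// --- demo on constructed data ---
$key    = random_bytes(32);        // e.g. a database encryption key
$shares = split_key($key, 3);      // one share per box

if (join_key($shares) !== $key) {
    throw new RuntimeException('all three shares must reconstruct the key');
}
if (join_key(array_slice($shares, 0, 2)) === $key) {
    throw new RuntimeException('two of three shares must not reconstruct the key');
}
echo "all checks passed\n";
```

Because recombination with a wrong share silently produces a wrong key, the reassembled key should be verified before use, for instance by decrypting a known record with an authenticated cipher; and the box that performs the recombination holds the full key in memory for that moment, so the scheme raises the number of machines an attacker must own, it does not remove the key from the server side entirely.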