What is md5() for?

Question

I was reading this tutorial for a simple PHP login system.

In the end it recommends that you should encrypt your password using md5().

Though I know this is a beginners' tutorial, and you shouldn't put bank statements behind this login system, this got me thinking about encryption.

So I went ahead and went to (one of the most useful questions this site has for newbies): What should a developer know before building a public web site?

There it says (under security) you should:

Encrypt Hash and salt passwords rather than storing them plain-text.

It doesn't say much more about it, no references.

So I went ahead and tried it myself:

$pass = "Trufa"; $enc = md5($pass);  echo $enc; #will echo 06cb51ce0a9893ec1d2dce07ba5ba710 

And this is what got me thinking, that although I know md5() might not the strongest way to encrypt, anything that always produces the same result can be reverse engineered.

So what is the sense of encrypting something with md5() or any other method?

If a hacker gets to a password encrypted with md5(), he would just use this page!.

So now the actual questions:

1. How does password encryption work?

I know I have not discovered a huge web vulnerability here! :) I just want to understand the logic behind password encryption.

I'm sure I'm understanding something wrong, and would appreciate if you could help me set my though and other's (I hope) straight.

How would you have to apply password encryption so that it is actually useful?

2. What about this idea?

As I said, I may/am getting the whole idea wrong, but, would this method add any security in security to a real environment?

$reenc = array(  "h38an",  "n28nu",  "fw08d"  );  $pass = "Trufa";  $enc = chunk_split(md5($pass),5,$reenc[mt_rand(0,count($reenc)-1)]);  echo $enc; 

As you see, I randomly added arbitrary strings ($reenc = array()) to my md5() password "making it unique". This of course is just a silly example.

I may be wrong but unless you "seed the encryption yourself" it will always be easily reversible.

The above would be my idea of "password protecting" and encrypted password, If a hacker gets to it he wont be able to decrypt it unless he gets access to the raw .php

I know this might not even make sense, but I can't figure out why this is a bad idea!

---

I hope I've made myself clear enough, but this is a very long question so, please ask for any clarification needed!

Thanks in advance!!

Answer 1

You should have an encryption like md5 or sha512. You should also have two different salts, a static salt (written by you) and then also a unique salt for that specific password.

Some sample code (e.g. registration.php):

$unique_salt = hash('md5', microtime());  $password = hash('md5', $_POST['password'].'raNdoMStAticSaltHere'.$unique_salt); 

Now you have a static salt, which is valid for all your passwords, that is stored in the .php file. Then, at registration execution, you generate a unique hash for that specific password.

This all ends up with: two passwords that are spelled exactly the same, will have two different hashes. The unique hash is stored in the database along with the current id. If someone grab the database, they will have every single unique salt for every specific password. But what they don't have is your static salt, which make things a lot harder for every "hacker" out there.

This is how you check the validity of your password on login.php for example:

$user = //random username; $querysalt = mysql_query("SELECT salt FROM password WHERE username='$user'"); while($salt = mysql_fetch_array($querysalt)) {     $password = hash('md5',           $_POST['userpassword'].'raNdoMStAticSaltHere'.$salt[salt]); } 

This is what I've used in the past. It's very powerful and secure. Myself prefer the sha512 encryption. It's actually just to put that inside the hash function instead of md5 in my example.

If you wanna be even more secure, you can store the unique salt in a completely different database.