Info:
Posted in: Learned along the way
By: Blockcoder ( Admin ) / October 14th, 2011
Stats: one response / Views: 565
Okay, lets say you have a password “idkfa“. You want to make md5 hash for it:
encrypting_function( 'idkfa' );
function encrypting_function( $pass ) {
//$pass = idkfa
return md5( $pass );
}
//Your "idkfa" password will now be a hashed string: "1832116180fdc61b64fd978401e462e9".
So, it makes md5 hash for your string. It is very important that you know that md5 hash does exactly the same encryption to exactly the same string, there won’t be any random encryption. The hash is also case-sensitive.
I will show you now what I ment:
echo md5( 'idkfa' ); echo md5( 'iDkfa' ); //notice that the letter d is now uppercase D! Output of the 'idkfa' is still the same = "1832116180fdc61b64fd978401e462e9" But, the output for the 'iDkfa' = "923b68deed11c6964f3934977a9021af"
As you may notice, they completely different.
As the two strings are different — you can encrypt your strings ( passwords etc.. ) and compare them to other encrypted passwords:
compare_passwords( 'iddqdddd' );
function compare_passwords( $passwd2 ){
$passwd1 = md5( 'iddqd' );
$encrypted_passwd2 = md5( $passwd2 )
if ( $passwd1 != $encrypted_passwd2 )
{
echo "passwords are different!";
}
else { echo "passwords are the same!"; }
}
In this case the output will be “passwords are different!“. The encryption of these two strings will be:
As you compare these hashes, they are completely different.
Now it’s time for a salting technique. If you really want to secure your data, you should practice how to salt things:
function salt_encryption( $password ){
//salt could be any random string you want
$salt = "idsjkaso34fdk32DFds3";
//lets do some salting
$password = md5( $password );
$password = $password.$salt.$salt; // hashed password + 2 x salt strings.
return $password;
}
After this, your password is “salted“.
Thank you, I hope this helps somehow to understand what md5 hash does — and what salting is!