How do i create a hash algorithm, like what is the syntax, and can i get an example

not like string hash ( string algo, string data [, bool raw_output] )

but i want to no how to create the string algo.

echo md5($string);
//or
echo sha1($string);
//or
echo sha1(md5($string));
//or
echo md5(sha1($string));


Or any other combination of them, there are more hashing functions out there too.

no, i know how to USE one, but i want to create one.

no, i know how to USE one, but i want to create one.

No, I don't think this is what you want to do. For one, you are new and it is doubtful you can create a truely secure algorithm. I tried, for days. It is alot harder then it looks. Stay simple, man. Learn.

if it is anything like c in computer programming, then i can do it, i just need to know where to look.

No, I don't think this is what you want to do. For one, you are new and it is doubtful you can create a truely secure algorithm. I tried, for days. It is alot harder then it looks. Stay simple, man. Learn.

He made it clear what he wants to do, but I agree that its not the best of ideas. The pre-made hasing algorithms have been well thought out and re-revised more than once.

However if you really want to go ahead and make your own hash algorithm, just remember some of the important parts:

1. One way... Cant be decrypted by any logical method.
2. Same value each time... You cant bring anything random into it, otherwise the hash will not likley be the same next time.

Take a look at the RFC for the Message Digest Algorithm (used as md5() in PHP) for inspiration:

http://www.ietf.org/rfc/rfc1321.txt

thank you.

He made it clear what he wants to do, but I agree that its not the best of ideas. The pre-made hasing algorithms have been well thought out and re-revised more than once.

However if you really want to go ahead and make your own hash algorithm, just remember some of the important parts:

1. One way... Cant be decrypted by any logical method.
2. Same value each time... You cant bring anything random into it, otherwise the hash will not likley be the same next time.

Take a look at the RFC for the Message Digest Algorithm (used as md5() in PHP) for inspiration:

http://www.ietf.org/rfc/rfc1321.txt

I obviously know what he wants to do, the comment only means its not something you would want to do being so new to PHP. From simple glances at his topics he doesn't have enough of the construct of the PHP language to create it.

One way, if you want to start simple, and have it only one way, is to run through the string provided, and then output the character replacement (or characters replacement.)



function thehash($string) {
for($i = 0; $i < strlen($string); $i++);
// Add replacements, like a = 1 or whatever.
$rep = array ( // These replacements are just for the example!
"a" => "1",
"A" => "2"
)
foreach($rep as $key => $val) {
if ($string{$i} == $key) {
$ret .= $val;
}
}
}
return $ret;
}



But see, that is so simple it would be thought of as a "kiddy hash" or something similar.

thanks, i got my answer.

I obviously know what he wants to do, the comment only means its not something you would want to do being so new to PHP. From simple glances at his topics he doesn't have enough of the construct of the PHP language to create it.

... I know, which is what i said :confused:


function thehash($string) {
for($i = 0; $i < strlen($string); $i++);
// Add replacements, like a = 1 or whatever.
foreach($rep as $key => $val) {
if ($string{$i} == $key) {
$ret .= $val;
}
}
}
return $ret;
}


Just clarify... thats not a hash replacing one letter with another is decryptable for someone who takes the time to work it out. A simple example of a function like this is the built in str_rot13 (http://www.php.net/str-rot13).

... I know, which is what i said :confused:



Just clarify... thats not a hash replacing one letter with another is decryptable for someone who takes the time to work it out. A simple example of a function like this is the built in str_rot13 (http://www.php.net/str-rot13).

But isn't md5 or something easy to break like that as well? I heard all you gotta do is md5 ( char() ); to find out how it runs.

And yeah, like I siad int he above example, character, or characters. But yeah, very similar to the very pointless str_rot13()

But isn't md5 or something easy to break like that as well? I heard all you gotta do is md5 ( char() ); to find out how it runs.

You have been severely mal-informed. MD5 is basically impossible to break. The only *sort* of solution is to have a database of md5 hashes to the initial string, however it is possible that some duplicates occur (a rarity, but still possible), even after searching your database of millions and millions of hashes, you may still not get the right value first time.

you could also brute force it, and, but that takes way to much time, and probobly isn't worth it for anything.

You have been severely mal-informed. MD5 is basically impossible to break. The only *sort* of solution is to have a database of md5 hashes to the initial string, however it is possible that some duplicates occur (a rarity, but still possible), even after searching your database of millions and millions of hashes, you may still not get the right value first time.

Oh, it seemed like it might have worked, cause when he told me it maked sense considering no matter where I got, or what server/script, my password is always the same hash.

lmao, woah, with a couple minor adjustments that little example I gave actually works. But its plainly obvious it is using replacements.

Original String: foobar
Example: http://amerikanmetz.rave5.com/misc/thehash.php

Sorry, it wouldn't let me highlight the file, it didn't like the code it contained I suppose.

But yeah, I expected that to fail horribly. Remember when I was trying to make my encryption with all those if else statements? Well this was my first try at another method, written in here and not tested, and when I decided to test it, it worked. xD

you could also brute force it, and, but that takes way to much time, and probobly isn't worth it for anything.
Yeah exactly. The method I described above is basically brute forcing. I mean you could cover the dictionary in MD5's, but then you find that many people use passwords that contain letters, numbers and combinations of capital and lower case letters. Take into account the millions and millions of combinations possible and its pretty much untangible.

Oh, it seemed like it might have worked, cause when he told me it maked sense considering no matter where I got, or what server/script, my password is always the same hash.
Yeah, the MD5 algorithm is just that... an algorithm. An algorithm is:

In mathematics and computer science an algorithm is a finite set of well-defined instructions for accomplishing some task which, given an initial state, will terminate in a corresponding recognizable end-state.

regardless of your server, the MD5 will always come out the same, becuase it uses the same set of instructions.

Yeah exactly. The method I described above is basically brute forcing. I mean you could cover the dictionary in MD5's, but then you find that many people use passwords that contain letters, numbers and combinations of capital and lower case letters. Take into account the millions and millions of combinations possible and its pretty much untangible.


Yeah, the MD5 algorithm is just that... an algorithm. An algorithm is:



regardless of your server, the MD5 will always come out the same, becuase it uses the same set of instructions.


I see. Yeah, my password is a combination of capitals, lowers, and numbers.

Question though, I might as well ask it here. On my server, I use md5 and sha1 for my users passwords, though somehow, someone has been logging into accounts and changing stuff around. I have used secure MySQL with the help of PHP to second mysql_real_espace_string the second time, though both times the person probably didn't even notice as he still got in with ease.

this site is gone now however, cause he eventually hacked me, but I still would like to know, if you know, anything that he might be using to do this that I can prevent in the future if I program the same member system again.

Are you sure he didnt know your password. I cant say I've ever had a problem like you said, so it may have been as simple as a permissions error in your script that you didnt find, or possibly that they knew your password.

Are you sure he didnt know your password. I cant say I've ever had a problem like you said, so it may have been as simple as a permissions error in your script that you didnt find, or possibly that they knew your password.

I changed my password daily, so I don't think its that, and nothing was promissioned wrong because I had no reason to touch the promissions in that script.

I don't trust cPanel as far as I can hack it.

Hmm... well what kind of things were going wrong... I mean was it a content management system that you wrote that allowed other people to sign up, or what?

Hmm... well what kind of things were going wrong... I mean was it a content management system that you wrote that allowed other people to sign up, or what?

No, most CMS (especially something I could write) are insecure. And I don't use template systems, because they too are bad. All content was written seperately in a file and included through the include function, which was also as secure as it would get. I also used mod_rewrite to bring my URLs down to something simple and completely different then the true file location.

The system was just for the content within pages, such as comments, their profiles, their chats, and the ShackBox (shoutbox) all of the use the same basic MySQL method as the main member system.

I used sessions as well..

Example of the script kiddie: One day I woke up and everyones optional nickname and bios were "AniShack.net SUCKS!"

No, most CMS (especially something I could write) are insecure. And I don't use template systems, because they too are bad.

Some quite strong statements there, I dont know that I agree with what you say lol.

I wonder if someone somehow set themselves to admin level in the users table. If not then maybe they had managed to get into your main control panel... Whats the security like on your host?

Some quite strong statements there, I dont know that I agree with what you say lol.

I wonder if someone somehow set themselves to admin level in the users table. If not then maybe they had managed to get into your main control panel... Whats the security like on your host?

You know, I always questioned the security on the server, but my friend suddenly never let me into WHM, even though he used to be very open and such.

I already know cPanel, and WHM are both good user-friendly service managers, but they're not that secure. And that is probably why one day I woke up and the server was completely dead.

As far as setting themselves and admin, its very possible. (Perhaps before the security was implemented.) though I don't remember ever seeing anyone out of the norm that was a admin in the site backup. Though it was a bit old.

And yes, those were strong words, perhaps to strong. Its just, the CMS I used were fricken awesome, until My friends showed me how they can 'magicaly' be me, the admin, and post as me. This was on droopal, xoops, a wiki, and another one.

And templates are just a bad way to go in my opinion, unless its web based HTML editing it only makes things harder for development. At least for me, once again.

And yes, those were strong words, perhaps to strong. Its just, the CMS I used were fricken awesome, until My friends showed me how they can 'magicaly' be me, the admin, and post as me. This was on droopal, xoops, a wiki, and another one.

And templates are just a bad way to go in my opinion, unless its web based HTML editing it only makes things harder for development. At least for me, once again.

I think it depends on what CMS you use and how often its updated. Many CMS's have security flaws, but if they are fixed and you keep up to date its unlikley anything too bad is going to happen.

Cpanel and WHM shouldnt be able to screw up the system on a wide level. I haven't heard of many problems with Cpanel or Plesk that haven't been fixed very quickly.

As for templates, I actually quite like some of the template systems around and am actually working on one at the moment.

I think it depends on what CMS you use and how often its updated. Many CMS's have security flaws, but if they are fixed and you keep up to date its unlikley anything too bad is going to happen.

Cpanel and WHM shouldnt be able to screw up the system on a wide level. I haven't heard of many problems with Cpanel or Plesk that haven't been fixed very quickly.

As for templates, I actually quite like some of the template systems around and am actually working on one at the moment.

Yeah, but I think the best template system is one layout and included content. It just how I like it. And witht he help of mod_rewrite it makes it rather hidden and pleasant to surf.

I also use rather heavily graphical layouts, so editing one file for the layout is simple.

Yeah, but I think the best template system is one layout and included content. It just how I like it. And witht he help of mod_rewrite it makes it rather hidden and pleasant to surf.
It depends... I quite like a separate template system where possible, becuase it means I can define separate skins for testing etc. Although you can set up the same in PHP its just one of those things. Providing the template system is secure and fast, and allows some kind of caching then its cool.

It depends... I quite like a separate template system where possible, becuase it means I can define separate skins for testing etc. Although you can set up the same in PHP its just one of those things. Providing the template system is secure and fast, and allows some kind of caching then its cool.

Yeah, I see. Well, you say your making one? If you arn't planning on selling it you should post it up here. I would love to run it and see how it is. Your PHP writing in most cases always seem to be my taste, for example, your MySQL class.

I'm afraid it wont be free, becuase if its free then I cant use it in my clients projects. With many of my clients, I bundle re-usable code and explain that they are in effect buying a full, owned license to the code (so that its ok for re-sale etc.) this usually works out ok, but if its freely available code they are never as keen and I usually have to re-write the code.

However I will probably see how it goes, and theres nothig to say I couldnt *sell* you free copy of the script.

I'm afraid it wont be free, becuase if its free then I cant use it in my clients projects. With many of my clients, I bundle re-usable code and explain that they are in effect buying a full, owned license to the code (so that its ok for re-sale etc.) this usually works out ok, but if its freely available code they are never as keen and I usually have to re-write the code.

However I will probably see how it goes, and theres nothig to say I couldnt *sell* you free copy of the script.

I got my pocket lint ready. Lol. Sounds like it might be something usefull. Alot of the systems I find for templating are always difficult to use, or just don't work well.