View Full Version : 128bit MD5 Encryption

01-06-2006, 08:59 AM
Can someone with good PHP knowledge evaluate this code? I'm not sure if it is even better, and how if possible could it work for single strings?

// The function:

function AuthenticMD5($username, $password)
$one = $username;
$two = $password;
$thr = $one . $two;
$fou = $thr . $one;
$fiv = $fou . $one;
$six = $thr . $thr;$sev = $one . $two . $thr . $one;
$md1 = md5( $sev . $two . md5($one . $fiv . md5($sev . strrev( $sev))));
$md2 = md5( $md1 . md5( $one . $thr . $fou . md5( $sev . $md1)));
$md3 = md5( $md2 . md5($md1));
$md4 = md5( $md3 . $md1 . $md2 . md5($sev));
return $md2 . $md1. $md4 . md5($md3 . $md2);

From what it looks like it creates a single hash out of a username and password.

ralph l mayo
01-06-2006, 09:22 AM
I don't know if it's worth using or not, but you can def. use it with only one term by splitting it in half, ie. AuthenticMD5('pass', 'word')

bonus utility function:

function callMD5ThingWithOnlyOneTerm($term)
return(AuthenticMD5($firsthalf = substr($term, 0, ($begin = (int) strlen($term) / 2)), substr($term, $begin, strlen($term) -strlen($firsthalf))));

01-06-2006, 09:44 AM
Thats probably the daftest function I have seen for a long time.
MD5 issues are with collisions which are mostly brute forced so 1 random hash is unlikely better than another ~

01-06-2006, 08:01 PM
well from what I read its suppose to be better... md5() is 32bit, and AuthenticMD5() is 128bit.... doesn't that make a differense in any way?

01-06-2006, 09:23 PM
Urmm I'm a bt confused!

01-06-2006, 10:22 PM
...? And who are you...?

01-07-2006, 03:00 AM
well from what I read its suppose to be better... md5() is 32bit,

MD5 produces a 32 digit hexadecimal number not a 32bit hash (each 2 digits = a hex number) , 32/2 = 16, 16 X 8 = 128 bit

The longer a hash is the safer it is, but adding strings together does not make a true hash, just a bigger string.

So for brute force attacks a 128 character string is going to be harder to brute than a 32 character string, no arguments there.

but all the shenanigans in the function are pretty pointless imo & I have seen other functions with many many more calculations designed to make the string more secure but which too ignore the underlying point of MD5 which is that MD5 cannot be 'decrypted' , it can be brute-forced but at that point ANY random string is as secure and as insecure (from collisions) as another.