improving the md5 encryption!

hello guys 🙂 today i studied a very simple method to improve the md5 protection against all available vocabulary attacks that are popping out in these months.
it’s very simple. it consists of add 2 or more md5 hash (for example, the password plus username plus date of registration) char by char.

now we got a new hash string that doesn’t appears like a normal hash (isn’t hexadecimal). so what we need to do now? simple! just re-encrypt this strange hash.

now we got particular hash that can’t return in any way the username nor password nor date of registration.

here’s the sample code:
————————–

<form method=”post”>
username: <input name=”username”> <br>
password: <input name=”password”><br>
<input name=”data”><br>
<br>
<?
$username=$_POST[“username”];
$password=$_POST[“password”];
$data=$_POST[“data”];
$sum=””;

$md5username=md5($username);
$md5password=md5($password);
$md5data=md5($data);

for($i=0;$i<32;$i++)
$sum.=chr(ord($md5username[$i])+ord($md5password[$i])+ord($md5data[$i]));

$hash=md5($sum);

echo “hash di “.$username.”: “.$md5username.”<br>”;
echo “hash di “.$password.”: “.$md5password.”<br>”;
echo “hash di “.$data.”: “.$md5data.”<br>”;
echo “somma degli hash: “.$sum.”<br>”;
echo “hash della somma: “.$hash.”<br>”;

?>
<br>
<br>
LOGIN <br>
username: <input name=”l1″> <br>
password: <input name=”l2″><br>
<input name=”l3″><br>
<input type=”submit”><br>
</form>

<?

$l1=$_POST[“l1”];
$l2=$_POST[“l2”];
$l3=$_POST[“l3″];
$l4=””;

$md5l1=md5($l1);
$md5l2=md5($l2);
$md5l3=md5($l3);

for($i=0;$i<32;$i++)
$l4.=chr(ord($md5l1[$i])+ord($md5l2[$i])+ord($md5l3[$i]));

$hashl4=md5($l4);

if ($hashl4==$hash) echo “login succesful”;
else echo “login denied”;

?>

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.