Wednesday, February 20, 2013

MD5 Plus Endless Salt!

MD5 Plus Added Salts!

What would you give to be able to add salts of any length to MD5 or SHA-1 hashes and still retrieve the hashes for password validation?

The MD5 hash only goes up to 32 characters. For security, why not add more? Or better yet, add all you want, because this script retrieves only the original MD5 hash!

SALT
function saltIt()
{
    $password = 'razorback';
    $addsalt = 'a5jcmnb62sdx';
    $pass = md5($password);   // 32-character hex MD5 of the password
    $salt = $pass . $addsalt; // the extra string is appended after the hash
    return $salt;
} //end function saltIt()
echo saltIt();                 // password hash by robin deatherage
// our md5+added salt = a618b59e86b0042f6eb0341d25aedcc1a5jcmnb62sdx

UNSALT
function unSalt()
{
    $mystring1 = 'a618b59e86b0042f6eb0341d25aedcc1a5jcmnb62sdx'; //our md5+salt
    $Remove_Our_Added_Salt = 'a5jcmnb62sdx'; // not used below; the cut is made by position

    $nosalt = mb_substr($mystring1, 0, 32); //THE-SALT-CAN-BE-ANY-LENGTH-THIS RETRIEVES ONLY THE MD5.
    return $nosalt;
} //end function unSalt()
echo unSalt();
//outputs the original md5 without the added salt a618b59e86b0042f6eb0341d25aedcc1
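
The append-then-strip scheme above next to a salt that is mixed into the hash itself, as an added example that is not the author's code. The function names `appendSuffix`, `stripSuffix` and `report`, and the second suffix, are assumptions constructed for the demonstration; `password_hash()` and `password_verify()` are PHP's built-in password API.

```php
<?php
// Added example, not the post's code. Helper names are hypothetical and the
// second suffix is a constructed sample value.

// The post's scheme: hash first, then append an arbitrary string.
function appendSuffix(string $password, string $suffix): string
{
    return md5($password) . $suffix;
}

// The post's retrieval step: keep only the first 32 characters.
function stripSuffix(string $stored): string
{
    return substr($stored, 0, 32);
}

function report(string $label, bool $result): void
{
    echo str_pad($label, 52), $result ? 'yes' : 'no', PHP_EOL;
}

$password = 'razorback';

// Two accounts, same password, different appended strings of different length.
$storedA = appendSuffix($password, 'a5jcmnb62sdx');
$storedB = appendSuffix($password, str_repeat('z9', 500));

// The appended string never enters the MD5 computation, so both records
// carry the same unsalted digest in their first 32 characters.
report('suffix scheme: A and B share one digest?', stripSuffix($storedA) === stripSuffix($storedB));
report('suffix scheme: digest equals plain md5()?', stripSuffix($storedA) === md5($password));

// Validation under this scheme compares only that unsalted digest.
report('suffix scheme: login check passes?', hash_equals(stripSuffix($storedA), md5('razorback')));

// A salt that is part of the hash input: password_hash() draws a random salt
// on every call and stores it, with the algorithm and cost, in its output.
$hashA = password_hash($password, PASSWORD_DEFAULT);
$hashB = password_hash($password, PASSWORD_DEFAULT);

report('password_hash: A and B identical?', $hashA === $hashB);
report('password_hash: correct password verifies (A)?', password_verify($password, $hashA));
report('password_hash: correct password verifies (B)?', password_verify($password, $hashB));
report('password_hash: wrong password verifies?', password_verify('razorbacK', $hashA));
```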

3 comments:

  1. This is a ridiculous way of salting a password.

    Replies
    1. It is very well ridiculous, and has an intention behind it that only a hacker could NOT see. When you add something extra to it as a single string add-on as a salt, the hacker can know this too, but what he cannot know is the length of the string used. This will allow odd-count strings and make them as long as necessary. There is no rule on a string, and it can be as large as 2500 characters in a database. And there are many websites using all 2500 for passwords and usernames inside a database. Sure, the password can only be 6 to 10 chars, but when it goes into the database as 2500, who is going to guess it? This adds any salt and any length to data on your site and still retrieves the user's original 6-char password. A hacker can crack MD5 and SHA hashes if he knows you are using them, but what he does not know is that you have added something different into the equation, and he will stumble.

  2. It is very well ridiculous, and has an intention behind it that only a hacker could NOT see,
