RikeMedia Posted May 21, 2009 Share Posted May 21, 2009 I've just been browsing the v4 feature list as we're going to upgrade our v3 soon however saw this: "- Converted client passwords to MD5 irreversible hashed values" I assume its more than just MD5 as MD5 is very easily reversible with modern processing power. Matt, could you let us know if (and why) its just MD5? Thanks 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted May 21, 2009 WHMCS CEO Share Posted May 21, 2009 It's md5 with a random salt for each client. The result is admins can't view a clients chosen password (but still can for their packages of course) on the basis that often clients will use the same password as they do many other sites when given the option to choose one themselves. 0 Quote Link to comment Share on other sites More sharing options...
RikeMedia Posted May 21, 2009 Author Share Posted May 21, 2009 Ahh great. Thanks Matt -- it's put my mind at ease 0 Quote Link to comment Share on other sites More sharing options...
MikeDVB Posted May 24, 2009 Share Posted May 24, 2009 I don't think the goal is to make them 100% non-reversible but instead to protect the passwords from the administrators when the administrators really don't *need* to see them in most cases. 0 Quote Link to comment Share on other sites More sharing options...
Mindnet Posted June 26, 2009 Share Posted June 26, 2009 I assume its more than just MD5 as MD5 is very easily reversible with modern processing power. (sorry for my bad english) I stop here and signup for this forum just because I read this and don't agree: MD5 IS VERY EASILY REVERSIBLE Well, please let me know more aboute this, because if this is possible, someone have the more powerfull tool of all ages. A MD5 hash always return something like this: d41d8cd98f00b204e9800998ecf8427e Dont matter the length of the original text, string, word - when you generate a MD5 hash, the hash always have the same length, like above. So, if you genereate a MD5 hash of the ENTIRE BIBLE TEXT, you get one hash like the example above. Then you say we can REVERSE the MD5 hash from the BIBLE and get all the text from BIBLE back? In a dream, if this is possible, MD5 hash wil be the a amazing compression tool. You can generate a HASH of all data on the world and store it in a single line, and get back when you want. Of course not. sorry again for my bad english. 0 Quote Link to comment Share on other sites More sharing options...
bear Posted June 26, 2009 Share Posted June 26, 2009 please let me know more aboute this, because if this is possible http://www.google.com/search?hl=en&q=md5+reverser&aq=1&oq=md5+reverse&aqi=g7 0 Quote Link to comment Share on other sites More sharing options...
Mindnet Posted June 28, 2009 Share Posted June 28, 2009 http://www.google.com/search?hl=en&q=md5+reverser&aq=1&oq=md5+reverse&aqi=g7 Nice try, but this google search dont prove you can reverse a MD5. Let me try explain again: 1) make a script that convert one TEXT to a MD5 HASH. 2) put on this script a entire content of a 500 pages book Now, with YOUR google search, get the MD5 HASH (something like d41d8cd98f00b204e9800998ecf8427e) and DECODE this HASH to the entire text book with 500 pages. When you know how to do this, open a data-compression company, because you know how to compress any volume data into a single MD5 hash and retrieve it back. 0 Quote Link to comment Share on other sites More sharing options...
uberhost Posted June 28, 2009 Share Posted June 28, 2009 (edited) Mindnet is correct, MD5 is non-reversable by algorithm. Black hat hackers collect tables of known hashes and check against those. There is no "reverser" for MD5. The reason Matt uses an md5 with a random salt is to that the MD5 hash cannot be compared to a database of known passwords. Edited June 28, 2009 by uberhost 0 Quote Link to comment Share on other sites More sharing options...
bear Posted June 28, 2009 Share Posted June 28, 2009 Nice try, but this google search dont prove you can reverse a MD5. It in fact does. Not *all*, but some (sort of) Let me try explain again: No need, I comprehend just fine, even without the sarcastic smilie you'd used. 0 Quote Link to comment Share on other sites More sharing options...
nik.martin Posted June 29, 2009 Share Posted June 29, 2009 (sorry for my bad english) Then you say we can REVERSE the MD5 hash from the BIBLE and get all the text from BIBLE back? Encryption/hashing is not compression. Google is your friend. It's called a dictionary attack, and there are several known collisions, where two very different strings produce the same md5 hash. 0 Quote Link to comment Share on other sites More sharing options...
nka Posted July 13, 2009 Share Posted July 13, 2009 How easy ? I made this : 21208284c302dfcc6d9c68f73825dead With the build-in php function. Now, past it here... http://www.md5decrypter.com/ Not working ? Let's fool this now... Try this one : adfb3e22036ea50aef61dce587837c9d Why is this working ? Simply because I crypted the text on the same website. He now got it into his database. 0 Quote Link to comment Share on other sites More sharing options...
bear Posted July 13, 2009 Share Posted July 13, 2009 How easy ? That isn't decryption, that's comparison. 0 Quote Link to comment Share on other sites More sharing options...
nka Posted July 13, 2009 Share Posted July 13, 2009 Sorry, I think I wasn't clear. That's exactly what I mean. People think it's decryptable just becose they find this page and see it can decrypt ! 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.