At 7:50 PM -0500 4/10/07, Richard Lynch wrote:
On Sun, April 8, 2007 11:12 am, tedd wrote:
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
computer resources, could break that.
Am I wrong?
You are
At 8:11 PM -0500 4/10/07, Richard Lynch wrote:
On Tue, April 10, 2007 7:47 am, tedd wrote:
Your use of metaphor is quite colorful, but if you if change a single
pixel in an image, then you change the MD5 signature -- that is what
I was talking about -- and that is not wrong.
Unless I look
At 7:52 PM -0500 4/10/07, Richard Lynch wrote:
On Sun, April 8, 2007 11:26 am, tedd wrote:
The way I figure it, in an image I have 72 dot per square inch -- so,
in one square inch that's 5,184 places for me to store a 24 bit key.
To me, that's a lot of places to hid my Easter egg -- is that
At 8:36 PM -0500 4/10/07, Richard Lynch wrote:
With millions of different images and more being added, it presents a
considerable challenge to crack.
I think not...
You only have to find 10,000 people who hate MS and give each of them
200 unique images to identify.
Well actually, all
On Wed, April 11, 2007 7:30 am, tedd wrote:
At 7:50 PM -0500 4/10/07, Richard Lynch wrote:
On Sun, April 8, 2007 11:12 am, tedd wrote:
chose from. Unless, there is something here that I don't
understand
(which very well could be), I can't see how anyone, without
massive
computer
On Wed, April 11, 2007 8:09 am, tedd wrote:
-- that's all. See the subject line.
I'm sorry that I thought the thread had spilled over beyond the scope
of the Subject.
Since we rarely do that here in PHP General, I should have known better.
:-)
I don't think your work is lame
I think it's
At 8:10 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
This is exactly what tedd did in his last arrow example. He edited the
header of the GIF
You were talking about an OCR reader for the arrows to see what letters it
is pointing to. If the arrow would be at a random location in the actual
image, the arrow being not an arrow but ie. a man pointing and the arm being
flexible (so even if the man himself would move around randomly, the arm
At 10:46 PM +0100 4/9/07, Tijnema ! wrote:
On 4/9/07, tedd [EMAIL PROTECTED] wrote:
It doesn't need to be complicated, just random placed pixels on the
image from a selection of colors would provide millions of
permutations.
Cheers,
tedd
But then OCR would still work, as when somebody scans
At 12:55 PM + 4/10/07, Ólafur Waage wrote:
You were talking about an OCR reader for the arrows to see what letters it
is pointing to. If the arrow would be at a random location in the actual
image, the arrow being not an arrow but ie. a man pointing and the arm being
flexible (so even if the
On Tue, 2007-04-10 at 08:47 -0400, tedd wrote:
At 8:10 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
This is exactly what tedd did in his
On Tue, 2007-04-10 at 13:13 -0400, Robert Cummings wrote:
On Tue, 2007-04-10 at 08:47 -0400, tedd wrote:
Rob:
Your use of metaphor is quite colorful, but if you if change a single
pixel in an image, then you change the MD5 signature -- that is what
I was talking about -- and that
At 1:17 PM -0400 4/10/07, Robert Cummings wrote:
-snip-
That should have read: ... since no subset of...
Oh well, now it makes sense ! :-)
Actually, I see exactly what you are saying. If you take a small
portion of a file and MD5 it, it will give you a signature. If I
simply change a
On 4/10/07, tedd [EMAIL PROTECTED] wrote:
At 1:17 PM -0400 4/10/07, Robert Cummings wrote:
-snip-
That should have read: ... since no subset of...
Oh well, now it makes sense ! :-)
Actually, I see exactly what you are saying. If you take a small
portion of a file and MD5 it, it will give you
You only have 9 arrows.
How tricky can it be to detect which of the 9 images you are displaying?
Even if the URL is the same every time, it's a no-brainer to use OCR
to detect which array is there.
How many variations on this theme are we going to go through?
On Sat, April 7, 2007 10:59 am,
On Sat, April 7, 2007 7:02 pm, Jim Lucas wrote:
This would make things almost impossible for a computer to see, but
the chances of a human screwing
it up would be almost impossible.
Sigh.
Look.
If a HUMAN can see the differen, then a program can be written to
detect the difference.
This
On Sun, April 8, 2007 7:48 am, Robert Cummings wrote:
On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote:
indeed. i was just throwing out the idea of ever changing values.
Except IP addresses aren't ever changing ;)
Unless the visitor is on AOL.
--
Some people have a gift link here.
Know
On Sun, April 8, 2007 11:12 am, tedd wrote:
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
computer resources, could break that.
Am I wrong?
You are wrong.
The Tijnema! solution of memorizing every
On Sun, April 8, 2007 11:26 am, tedd wrote:
The way I figure it, in an image I have 72 dot per square inch -- so,
in one square inch that's 5,184 places for me to store a 24 bit key.
To me, that's a lot of places to hid my Easter egg -- is that not
enough?
No.
If the egg is visible to a
On Sun, April 8, 2007 11:46 am, Jochem Maas wrote:
in theory it's all crackable - but somewhere along the line the
problem becomes
too hard to make it worth the effort to try (unless your securing Fort
Knox or something)
In REALITY, 99.9% of the Bad Guys will be kept out by *ANY*
On Tue, April 10, 2007 7:47 am, tedd wrote:
Your use of metaphor is quite colorful, but if you if change a single
pixel in an image, then you change the MD5 signature -- that is what
I was talking about -- and that is not wrong.
Unless I look at enough images to figure out that you are just
A) 2 million MD5s is chump-change.
B) Telling a cat from a dog is probably a homework exercise for AI
Vision grad students.
On Mon, April 9, 2007 3:35 pm, tedd wrote:
At 1:04 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
We were talking
about M$'s
On Tue, April 10, 2007 8:01 am, tedd wrote:
An OCR is an Optical Character Reader -- it's design is to recognize
characters (A-Z 0-9), not images.
That's the reason why I previously used the term OCR-like
application -- meaning that it would be designed/programmed to see
the differences
On 4/9/07, tedd [EMAIL PROTECTED] wrote:
At 4:38 AM -0700 4/8/07, benifactor wrote:
hmm, why don't you md5 more then once..
I read somewhere that MD5'ing anything more than once, does not
increase security.
Cheers,
tedd
Not in this case, as it doesn't goes about decrypting the key here,
Tijnema ! wrote:
You can't stop me :)
http://86.86.80.41/dev/debug/tedd.php
It's cracked again :)
Maybe use flash for this... harder to crack? (Of course, Flash will open
door to other problems.)
Sorry, coming in on this late. Good work Tedd! Very interesting.
M
--
Wishlists:
At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
Maybe use flash for this... harder to crack? (Of course, Flash will
open door to other problems.)
Sorry, coming in on this late. Good work Tedd! Very interesting.
M:
Tijnema showed how MD5 could be used to identify an image file and
crack my
On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
Maybe use flash for this... harder to crack? (Of course, Flash will
open door to other problems.)
Sorry, coming in on this late. Good work Tedd! Very interesting.
M:
Tijnema showed how MD5
At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
Maybe use flash for this... harder to crack? (Of course, Flash will
open door to other problems.)
Sorry, coming in on this late. Good work Tedd! Very
On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
Maybe use flash for this... harder to crack? (Of course, Flash will
open door to other problems.)
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
At 8:49 AM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 08:46 -0400, tedd wrote:
At 1:21 AM -0700 4/9/07, Micky Hulse wrote:
Maybe use flash for this... harder to crack? (Of
On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
I think that we can conclude that a non-crackable CAPTCHA doesn't
exist, but also that there doesn't exist a real hard to crack
CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5 can help
in some cases, but only if the CAPTCHA uses
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
I think that we can conclude that a non-crackable CAPTCHA doesn't
exist, but also that there doesn't exist a real hard to crack
CAPTCHA. All current CAPTCHAs can be broken quite easy. MD5
On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
I think that we can conclude that a non-crackable CAPTCHA doesn't
exist, but also that there doesn't exist a real hard to crack
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
I think that we can conclude that a non-crackable CAPTCHA doesn't
exist, but
Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
I think that we can conclude that a non-crackable CAPTCHA
On 4/9/07, Stut [EMAIL PROTECTED] wrote:
Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:27 +0200, Tijnema ! wrote:
I think that we
On Mon, 2007-04-09 at 17:28 +0200, Tijnema ! wrote:
On 4/9/07, Stut [EMAIL PROTECTED] wrote:
Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon, 2007-04-09 at 16:39 +0200, Tijnema ! wrote:
On 4/9/07, Robert Cummings [EMAIL PROTECTED] wrote:
On Mon,
At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 09:45 -0400, tedd wrote:
However, this did make me wonder about the images that M$ and others
are using for captchas -- like find the kitty in a set of pictures.
The MD5 application could be used to identify as many
On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
Hi Tedd,
Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the permutations of an image containing all
Robert Cummings wrote:
On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
Hi Tedd,
Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0. Their image universe is all of
the
On 4/9/07, Travis Doherty [EMAIL PROTECTED] wrote:
Robert Cummings wrote:
On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
Hi Tedd,
Put down the crack pipe please... captcha images are usually generated
on the fly. Their image repository is 0.
At 1:04 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
We were talking
about M$'s picture captcha where they show pictures and ask a
question like Pick the picture that shows a kitty and NOT an on
the fly graphic captcha. There are different types of
At 4:19 PM -0400 4/9/07, Travis Doherty wrote:
Steganography has been able to hide text in images for quite some time
now. Basically you cram whatever info you want into the 'unused' or
'less used' bytes of the image.
With this in mind I imagine even if you did have an image repository of
On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
On 4/9/07, Travis Doherty [EMAIL PROTECTED] wrote:
Robert Cummings wrote:
On Mon, 2007-04-09 at 12:51 -0400, tedd wrote:
At 9:58 AM -0400 4/9/07, Robert Cummings wrote:
Hi Tedd,
Put down the crack pipe please...
At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
This is exactly what tedd did in his last arrow example. He edited the
header of the GIF image, and so that would result in different MD5.
Finding this part and skipping it in the MD5 check
On 4/9/07, tedd [EMAIL PROTECTED] wrote:
At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
This is exactly what tedd did in his last arrow example. He edited the
header of the GIF image, and so that would result in different MD5.
Finding
tedd wrote:
...snip...
that's the reason for the alt attribute.
Thanks for clarification! :)
You are doing some great work with captchas... I also really like your
audio captcha experiments. Keep up the great work!
Cheers,
Micky
--
Wishlists: http://snipurl.com/vrs9
Switch:
On Mon, 2007-04-09 at 17:14 -0400, tedd wrote:
At 4:39 PM -0400 4/9/07, Robert Cummings wrote:
On Mon, 2007-04-09 at 22:27 +0200, Tijnema ! wrote:
This is exactly what tedd did in his last arrow example. He edited the
header of the GIF image, and so that would result in different MD5.
On 4/8/07, tedd [EMAIL PROTECTED] wrote:
Well, I cracked it for you :)
http://86.86.80.41/dev/debug/tedd.php
At the bottom it shows you the MD5 code of your arrow image, and it
shows you which way it points to :)
If you're interested in the code:
http://86.86.80.41/dev/debug/tedd.txt
On 4/8/07, Tijnema ! [EMAIL PROTECTED] wrote:
On 4/8/07, tedd [EMAIL PROTECTED] wrote:
Well, I cracked it for you :)
http://86.86.80.41/dev/debug/tedd.php
At the bottom it shows you the MD5 code of your arrow image, and it
shows you which way it points to :)
If you're interested in
hmm, why don't you md5 more then once..
for example, use a condition that will change with every visitor. like
the third num in $_SERVER['REMOTE_ADDR']; or something of the sort.
then make a loop..
say the third num in my ip address is 5
the person that visits after me would get my value,
On Sun, 2007-04-08 at 04:38 -0700, benifactor wrote:
hmm, why don't you md5 more then once..
for example, use a condition that will change with every visitor. like
the third num in $_SERVER['REMOTE_ADDR']; or something of the sort.
then make a loop..
say the third num in my ip address
indeed. i was just throwing out the idea of ever changing values.
Robert Cummings wrote:
On Sun, 2007-04-08 at 04:38 -0700, benifactor wrote:
hmm, why don't you md5 more then once..
for example, use a condition that will change with every visitor. like
the third num in
On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote:
indeed. i was just throwing out the idea of ever changing values.
Except IP addresses aren't ever changing ;)
Cheers,
Rob.
--
..
| InterJinn Application Framework -
but most people have different ones :) you could also use a random
position :) fooeee.
Robert Cummings wrote:
On Sun, 2007-04-08 at 05:41 -0700, benifactor wrote:
indeed. i was just throwing out the idea of ever changing values.
Except IP addresses aren't ever changing ;)
Cheers,
At 9:42 AM +0200 4/8/07, Tijnema ! wrote:
You can't stop me :)
http://86.86.80.41/dev/debug/tedd.php
It's cracked again :)
and of course i show you the code:
http://86.86.80.41/dev/debug/tedd.txt
Waiting for your next try :P
Tijnema:
I might not be able to stop you, but I am sure I can
At 12:38 AM +0100 4/8/07, Stut wrote:
tedd wrote:
Okay, I think I figured out a fix -- try it again. :-)
http://sperling.com/a/arrows/
A little knowledge is a dangerous thing.
Give up now, while you're still sane.
Think about what you're trying to do. You're trying to do something
On 4/8/07, tedd [EMAIL PROTECTED] wrote:
At 9:42 AM +0200 4/8/07, Tijnema ! wrote:
You can't stop me :)
http://86.86.80.41/dev/debug/tedd.php
It's cracked again :)
and of course i show you the code:
http://86.86.80.41/dev/debug/tedd.txt
Waiting for your next try :P
Tijnema:
I might not
just a few random thought on how to make it even more painful to
crack. random colored borders, random border width, slight changes in
width/height,
random pixel noise or varying colors, animated gifs (where does the arrow stop),
animated gifs (where does the red/pink/blue/green arrow point to),
At 6:33 PM +0200 4/8/07, Tijnema ! wrote:
On 4/8/07, tedd [EMAIL PROTECTED] wrote:
Remember, I could also use a jpeg file and have millions of colors to
chose from. Unless, there is something here that I don't understand
(which very well could be), I can't see how anyone, without massive
At 6:46 PM +0200 4/8/07, Jochem Maas wrote:
just a few random thought on how to make it even more painful to
crack. random colored borders, random border width, slight changes
in width/height,
random pixel noise or varying colors, animated gifs (where does the
arrow stop),
animated gifs
At 4:38 AM -0700 4/8/07, benifactor wrote:
hmm, why don't you md5 more then once..
I read somewhere that MD5'ing anything more than once, does not
increase security.
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List
On 4/7/07, tedd [EMAIL PROTECTED] wrote:
At 11:56 PM +0100 4/6/07, Tijnema ! wrote:
On 4/6/07, tedd [EMAIL PROTECTED] wrote:
At 2:55 PM +0100 4/6/07, Tijnema ! wrote:
I know, but animated gifs are still quite easy to read with a bot.
Really?
What if I a created a box surrounded by letters,
At 10:33 PM +0200 4/7/07, Tijnema ! wrote:
On 4/7/07, tedd [EMAIL PROTECTED] wrote:
At 11:56 PM +0100 4/6/07, Tijnema ! wrote:
On 4/6/07, tedd [EMAIL PROTECTED] wrote:
At 2:55 PM +0100 4/6/07, Tijnema ! wrote:
I know, but animated gifs are still quite easy to read with a bot.
Really?
What
Well, I cracked it for you :)
http://86.86.80.41/dev/debug/tedd.php
At the bottom it shows you the MD5 code of your arrow image, and it
shows you which way it points to :)
If you're interested in the code:
http://86.86.80.41/dev/debug/tedd.txt
Tijnema
Tijnema:
Okay, I think I figured out
tedd wrote:
Okay, I think I figured out a fix -- try it again. :-)
http://sperling.com/a/arrows/
A little knowledge is a dangerous thing.
Give up now, while you're still sane.
Think about what you're trying to do. You're trying to do something
different on the client every time, but
Stut wrote:
tedd wrote:
Okay, I think I figured out a fix -- try it again. :-)
http://sperling.com/a/arrows/
A little knowledge is a dangerous thing.
Give up now, while you're still sane.
Think about what you're trying to do. You're trying to do something
different on the client every
El Wed, 17 Jan 2007 15:27:27 -
Ross [EMAIL PROTECTED] escribió:
Hi,
Does md5 really offer much in terms of protection?
The algorithm is really well known.
I would like to hear your thoughts and poosible alternatives (mcrypt?)
R.
It works for me. Althought is possible
MD5 is a hasing algorithm.. one-way.. really only good for checking known
values and keeping them 'private', like storing passwords in a database. That
way, if someone breaks into your database, they don't get the passwords, only
the non-reversible MD5 hashes of the passwords.
To check a
Ross wrote:
Hi,
Does md5 really offer much in terms of protection?
can you STFW?
http://search.yahoo.com/search;_ylt=A0oGkkQsQ65FTlkBrTVXNyoA?p=does+md5+offer+any+protectionei=UTF-8fr=moz2x=wrt
The algorithm is really well known.
do you work for microsoft? strength of a crypto
[EMAIL PROTECTED] wrote:
MD5 is a hasing algorithm.. one-way.. really only good for checking known
values and keeping them 'private', like storing passwords in a database. That
way, if someone breaks into your database, they don't get the passwords, only
the non-reversible MD5 hashes of the
Be warned, crypto isn't a strength of mine, so any/all of this may be
total BS.
Ross wrote:
Does md5 really offer much in terms of protection?
Depends on what you're doing with it. AFAIK, md5's weakness comes in the
form of collisions - it has been cryptanalysed to the point where it is
Still.. that has nothing to do with how well known MD5 is (so I stand by my
point).All these databases are is a giant list of pre-MD5'd strings. Brute
force stuff, no magic behind it that allows for reversing MD5. You could
technically do that with just about any crypto or hashing system.
[EMAIL PROTECTED] wrote:
Still.. that has nothing to do with how well known MD5 is (so I stand by my point).
Was not trying to refute your point. Just pointing something out with
regards to the security of MD5 hashes, and what being well known or
at least popular does for you. What you
At 10:40 AM -0500 1/17/07, [EMAIL PROTECTED] wrote:
MD5 is a hasing algorithm.. one-way.. really only good for checking
known values and keeping them 'private', like storing passwords in a
database. That way, if someone breaks into your database, they
don't get the passwords, only the
Instead of hashing the password, i prefer to use the following procedure:
$user = ...
$password = ...
$hash = md5($user . $password);
Using this method, it will be very dificult guess the password if you
get the hash because it depends also on the user name.
When you are going to login a user
On Wed, 2007-01-17 at 13:51 -0500, Oscar Gosdinski wrote:
Instead of hashing the password, i prefer to use the following procedure:
$user = ...
$password = ...
$hash = md5($user . $password);
Using this method, it will be very dificult guess the password if you
get the hash because it
On Thu, 17 Feb 2005 11:33:45 +0200, William Stokes [EMAIL PROTECTED] wrote:
Hello,
I need to make a script/form that can create username and md5 password and
save the info to mysql db.
You can use: http://www.php.net/md5 to make MD5 hashes from strings,
or you can just the format of the
On Sat, Nov 20, 2004 at 05:49:04PM -0500, Gregori Halsiber wrote:
Hi, I'm trying to write a md5 hash to auth users... And before I get flamed
about md5 not being a crypt system but a hashing system I know... Security
is not a problem..
I'm trying to build a standalone Message Update Center
On Sat, 20 Nov 2004 17:49:04 -0500, Gregori Halsiber [EMAIL PROTECTED]
wrote:
Hi, I'm trying to write a md5 hash to auth users... And before I get
flamed
about md5 not being a crypt system but a hashing system I know...
Security
is not a problem..
I'm trying to build a standalone Message
It doesn't appear to be cookie settings either, nor auto-fill in.
I do not have auto-complete running; when I log in under an affected users
account, the stored md5($plain_password) does not match the submitted
md5($plain_password).
Could it be perhaps that md5() works differently with integers
* Thus wrote CF High ([EMAIL PROTECTED]):
$username = strip_illegals($_POST['email']);
$plain_pass = rand();
$password = md5($plain_pass);
I then insert their login info into our member's table.
Unexpectedly, when users attempt to login no matching record is found.
Are you sending them
Their receiving the $plain_pass
$plain_pass is md5'd on login submit, so we should get md5($plain_pass ) =
db stored md5'd($plain_pass ).
Makes no sense at all.
Got a couple hundred emails in my inbox from users not able to login -- I'm
basically screwed ;--(
--Noah
Curt Zirzow [EMAIL
CF High wrote:
If anyone has any clues as to what might be happening; i.e. why the md5'd
submitted plain text password does not match the stored md5'd password,
please, please let me know.
md5() results in a 32 character string. What kind of field are you
storing it in?
--
---John Holmes...
password field is char (32)
Strange that the usernames are all properly set to the submitted email
address, but the password is not properly updated.
Correct me if I'm wrong here, but
$plain_pass = rand(); /* plain pass should be a random # */
md5($plain_pass); /* plain pass is a random # here
Re: the browser track, it looks like all adversely affected users; i.e.
those who can no longer log in, have a browser of I.E. 6.0.
I know that in many cases I.E. 6.0 has session and cookie vars disabled by
default.
Is it possible, a long, long shot, that rand() behaves differently in I.E.
6.0
Besides checking the browser cookie settings, have one of the affected users
turn off the auto-fill form feature, then tell the browser to forget all saved
form information. Let us know what happens.
cheers,
Travis
CF High wrote:
Re: the browser track, it looks like all adversely affected
It's always a 32 character string.
http://us4.php.net/manual/en/function.md5.php
-Peter
On Fri, 2004-01-09 at 11:30, Michael Mller wrote:
Hi,
is anybody here who knows the max_length of a string which is encoded by
md5()?
thx, Michael
Berlin, Germany
--
perl -e 'print pack(H*,
mhm, I think there was a missunderstanding ;)
I want to know, how long the input-string could be (so that the encoded
strings, that you get, are unique)
Michael
On Fri, 2004-01-09 at 10:29, Michael Mller wrote:
mhm, I think there was a missunderstanding ;)
I want to know, how long the input-string could be (so that the encoded
strings, that you get, are unique)
I don't think there is a limit, theoretically. In practice you might
have other constraints
On Saturday 10 January 2004 01:29, Michael Müller wrote:
mhm, I think there was a missunderstanding ;)
I want to know, how long the input-string could be (so that the encoded
strings, that you get, are unique)
Basically, as long as you like (within memory constraints).
--
Jason Wong -
No limit for the input string
-Message d'origine-
De : Michael Müller [mailto:[EMAIL PROTECTED]
Envoyé : vendredi 9 janvier 2004 18:29
À : [EMAIL PROTECTED]
Objet : Re: [PHP] md5() and string-length?
mhm, I think there was a missunderstanding ;)
I want to know, how long the input-string
mhm, I think there was a missunderstanding ;)
I want to know, how long the input-string could be (so that the encoded
strings, that you get, are unique)
In theory, you are limited by the fact that the MD5 message digest is 128
bits long, so collisions are /possible/, but not /probable/. In
Sorry my bad; I read your post but I didn't understand it fully. I agree with the others; there is no theoretical limit (only physical like available memory, disk space, etc..) to the size of a string which you can pass to the md5() function.
-Pete
On Fri, 2004-01-09 at 12:29, Michael Mller
First store the password in the DB as
$passwd=md5($passwd)
insert into table values( $passwd);
get the user password and check by comparing
if(md5($password)==$fetchedpasswdfromDB)
{
...
}
-murugesan
- Original Message -
From: Chinmoy Barua [EMAIL PROTECTED]
To: [EMAIL
On Tuesday, August 26, 2003, at 04:04 PM, Chinmoy Barua wrote:
Hello everybody,
I want to authenticate my user from web with PHP
script. The user's passwords are stored in System as
MD5 format (in /etc/shadow).
Can anybody help me?
Which part do you want help with?
The form?
The SQl query?
The
Quoting Justin French [EMAIL PROTECTED]:
On Tuesday, August 26, 2003, at 04:04 PM, Chinmoy Barua wrote:
Hello everybody,
I want to authenticate my user from web with PHP
script. The user's passwords are stored in System as
MD5 format (in /etc/shadow).
Can anybody help me?
See
Burhan,
Please try to quote the right person when replying to a thread -- your
messages was, I assume, intended for Chinmoy Barua, not me.
It saves confusion, and keeps the thread more useful and easier to
follow.
Thanks,
Justin French
On Tuesday, August 26, 2003, at 04:17 PM, Burhan wrote:
Quoting Justin French [EMAIL PROTECTED]:
Burhan,
Please try to quote the right person when replying to a thread -- your
messages was, I assume, intended for Chinmoy Barua, not me.
It saves confusion, and keeps the thread more useful and easier to
follow.
My apologies Justin, I
In PHP..
$data = Cheese\n;
- trailing newline char
Steven Carr wrote:
Hello All,
Im having trouble with compatibility between MD5 Digest in Perl and in
PHP. They dont give the same results.
Perl
#!/usr/local/bin/perl
use strict;
use Digest::MD5 ();
my $to_be_hashed = Cheese;
my ($hash) =
1 - 100 of 146 matches
Mail list logo
