I'm making a PHP login, and I'm trying to decide whether to use SHA1 or MD5, or SHA256 which I read about in another Stack Overflow article. Are any of them more secure than others? For SHA1/256, do I still use a salt?
Also, is this a secure way to store the password as a hash in mysql?
    function createSalt() {
        // MD5 of uniqid(rand(), true) gives 32 hex characters; only the first 3 are kept as the salt
        $string = md5(uniqid(rand(), true));
        return substr($string, 0, 3);
    }
    $salt = createSalt();
    // $password holds the plaintext password submitted by the user
    $hash = sha1($salt . $password);
(I will preface this question by saying I think there is virtually no way that UUID4 would be designed not to be uniformly distributed, but I lack the math skills and crypto knowledge to prove it.)
In streaming a bunch of data to kinesis, we are experiencing a problem where one shard, shard #4, is very hot and the other seven shards are underloaded. Kinesis distributes data across its shards by a partition key, which is a unicode string that it converts to an md5 hash.
Shards are sequential by default, so if you have one shard it will have all partition keys from 0 - 2^128 in it. We have eight shards, so the buckets are bounded at increments of 2^125. The end of each shard range is, in hex,
    0x20000000000000000000000000000000
    0x40000000000000000000000000000000
    0x60000000000000000000000000000000
    0x80000000000000000000000000000000
    0xa0000000000000000000000000000000
    0xc0000000000000000000000000000000
    0xe0000000000000000000000000000000
    0x100000000000000000000000000000000
We partition based on a UUID 4. We had assumed that that would be evenly distributed across the above address space, but with this "hot shard" problem I'm starting to wonder. UUID4s are 2^128 bits, but they reserve six bits for deterministic information, leaving 2^122 values that can be random. It's those six bits that give me pause.
Trivially, if I take the six most significant bits away, my largest possible value is 2^122, which will certainly fall in the first or second bucket, all the time. But back in reality those six digits aren't the most significant of the UUID4 space, so what effect do they have on the distribution? If I use a UUID4 for a sharding key, will my data be evenly distributed across the shards?
I am creating a simple DB access application using C++, and I have added Users Table containing: ID, USER, PASSWORD and SALT, and I am using Crypto++ as crypto backend. So I created this function:
    #include "crypto.h"
    #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
    #include <md5.h>
    #include <hex.h>
    #include <osrng.h>

    using namespace std;
    using namespace CryptoPP;

    string MyCrypto::MD5(const string strMessage)
    {
        byte arrbyDigest[Weak::MD5::DIGESTSIZE];
        Weak::MD5 hash;
        // CalculateDigest expects const byte*, so the std::string buffer has to be cast
        hash.CalculateDigest(arrbyDigest, (const byte*)strMessage.c_str(), strMessage.length());

        // hex-encode the 16 raw digest bytes into a 32-character string
        HexEncoder encoder;
        string strOutput;
        encoder.Attach(new StringSink(strOutput));
        encoder.Put(arrbyDigest, sizeof(arrbyDigest));
        encoder.MessageEnd();
        return strOutput;
    }

    string MyCrypto::GenerateSalt(const size_t length /*= 16*/)
    {
        SecByteBlock arrbySalt(length);
        AutoSeededRandomPool asrp;
        asrp.GenerateBlock(arrbySalt, length);
        // copy the raw random bytes into a std::string by explicit length;
        // they are binary, so the string may contain any byte value, including '\0'
        string strSalt(reinterpret_cast<const char*>(arrbySalt.data()), length);
        return strSalt;
    }
So far so good, all is working fine until I realized that the generated salt string can contain non-printable characters, even the null termination character.
So my questions are:
Am I doing it the right way?
Is a salt length of 16, as I used, the practical choice?
Should I encrypt the salt string in Base64, HEX or leave it as plain text when concatenating it with the plain password string before the MD5 hash?
Should I encrypt the salt string in Base64, HEX or leave it as plain text when saving it to the database?
What are your suggestions?
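The two questions above (the PHP one with the 3-character salt and this Crypto++ one) ask the same thing: how to generate a salt, whether to hash it raw or encoded, and how to store it. The following is an added example written for this page in Python's standard library (os.urandom, hashlib, hmac); it is not the questioners' code and not Crypto++ or PHP. It uses a 16-byte salt, feeds the raw bytes to the hash, stores the salt hex-encoded in a single `algorithm$salt$digest` record so that verification never has to guess the format, and places the MD5(salt || password) construction from the questions beside a PBKDF2 record, since MD5, SHA-1 and SHA-256 are fast hashes rather than password hashes. The record layout and the 600,000-iteration default are this example's choices, not a standard.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SALT_BYTES = 16  # 128-bit salt, the length used in the C++ question above


def generate_salt(length: int = SALT_BYTES) -> bytes:
    """Random salt from the OS CSPRNG. It is raw bytes: any value 0x00-0xff can
    appear, so it must not be treated as a C string or printed as text."""
    return os.urandom(length)


def encode_salt(salt: bytes, encoding: str = "hex") -> str:
    """Text form of the salt for the database column. Hex and base64 are both
    lossless; hex is 2x the byte length, base64 is 4/3x."""
    if encoding == "hex":
        return salt.hex()
    if encoding == "base64":
        return base64.b64encode(salt).decode("ascii")
    raise ValueError(f"unknown encoding {encoding!r}")


def decode_salt(text: str, encoding: str = "hex") -> bytes:
    if encoding == "hex":
        return bytes.fromhex(text)
    if encoding == "base64":
        return base64.b64decode(text, validate=True)
    raise ValueError(f"unknown encoding {encoding!r}")


def md5_salted_hex(password: str, salt: bytes) -> str:
    """MD5(salt || password) over raw bytes, the construction both questions use.
    The salt goes into the hash in raw form; only the stored copy is encoded."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def make_record_md5(password: str, salt: Optional[bytes] = None) -> str:
    """Record 'md5$<hex salt>$<hex digest>' (layout chosen for this example).
    Weak: MD5 is fast, so an attacker holding the table can test guesses at
    hardware speed; the salt only stops precomputed tables."""
    salt = generate_salt() if salt is None else salt
    return f"md5${encode_salt(salt)}${md5_salted_hex(password, salt)}"


def make_record_pbkdf2(password: str, salt: Optional[bytes] = None,
                       iterations: int = 600_000) -> str:
    """Same layout with a deliberately slow, salted KDF instead of a bare hash."""
    salt = generate_salt() if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${encode_salt(salt)}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute from the parameters carried in the record and compare in
    constant time, so a mismatch does not leak how many bytes matched."""
    parts = record.split("$")
    if parts[0] == "md5" and len(parts) == 3:
        candidate = md5_salted_hex(password, decode_salt(parts[1]))
        stored = parts[2]
    elif parts[0] == "pbkdf2_sha256" and len(parts) == 4:
        iterations, salt = int(parts[1]), decode_salt(parts[2])
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, iterations).hex()
        stored = parts[3]
    else:
        return False
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # constructed sample: a salt that happens to contain 0x00 and other non-printable bytes
    sample_salt = bytes(range(16))
    legacy = make_record_md5("test", sample_salt)
    strong = make_record_pbkdf2("test", sample_salt)
    print(legacy)
    print(strong)
    print(verify("test", legacy), verify("test", strong), verify("wrong", strong))
```

Whether the salt is concatenated raw or in its encoded form does not matter for security, as long as hashing and verification use the same form; what matters is that the stored copy is unambiguous (hex or base64, not raw bytes in a text column) and that the stored record says which algorithm and parameters produced it.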
I have a problem with the way wordpress encrypts a password, When I encrypt a password I do it in the following way.
    // the PasswordHash class ships with WordPress (phpass)
    require_once ABSPATH . WPINC . '/class-phpass.php';

    $wp_hasher = new PasswordHash(16, true); // 16 digit hashing password
    $pass = $wp_hasher->HashPassword( trim( $posted['password'] ) ); // $posted['password'] is your password
    echo $pass;
With that code I encrypt a password, for example:
password: test
encrypted: $P$JofHzK55LaG8kpcQsVJ5j0AcnILN2o1
The problem is that this encrypted password is not the same as the one stored in WordPress.
The password that is stored in WordPress already encrypted is this:
$P$BhbEVMLV6onULEfYLG3dsF5xuv9t9j0
I do not know how WordPress is encrypting the password.
In this link, it says that truncated MD5 is uniformly distributed. I wanted to check it using PySpark, so I first created 1,000,000 UUIDs in Python as shown below. Then I truncated the MD5 to its first three characters. But the plot I get is not similar to the cumulative distribution function of a uniform distribution. I tried with UUID1 and UUID4 and the results are similar. What is the right way of confirming the uniform distribution of truncated MD5?
    import uuid
    import numpy as np
    import matplotlib.pyplot as plt
    from statsmodels.distributions.empirical_distribution import ECDF
    import pandas as pd
    import pyspark.sql.functions as f
    %matplotlib inline

    ### Generate 1,000,000 UUID1
    uuid1 = [str(uuid.uuid1()) for i in range(1000000)]  # make a UUID based on the host ID and current time
    uuid1_df = pd.DataFrame({'uuid1': uuid1})
    uuid1_spark_df = spark.createDataFrame(uuid1_df)  # `spark` is the notebook's SparkSession
    uuid1_spark_df = uuid1_spark_df.withColumn('hash', f.md5(f.col('uuid1')))\
        .withColumn('truncated_hash3', f.substring(f.col('hash'), 1, 3))
    count_by_truncated_hash3_uuid1 = uuid1_spark_df.groupBy('truncated_hash3').count()
    uuid1_count_list = [row[1] for row in count_by_truncated_hash3_uuid1.collect()]
    ecdf = ECDF(np.array(uuid1_count_list))
    plt.figure(figsize=(14, 8))
    plt.plot(ecdf.x, ecdf.y)
    plt.show()
EDIT: I added the histogram. As you can see below, it looks more like a normal distribution.
    plt.figure(figsize=(14, 8))
    plt.hist(uuid1_count_list)
    plt.title('Histogram of counts in each truncated hash')
    plt.show()
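The Kinesis question (eight shards keyed by MD5 of a UUID4, with the worry about the six fixed bits) and this PySpark question (4096 buckets from the first three hex characters of MD5) are the same check: are the buckets derived from MD5 uniformly populated? The block below is an added example written for this page, not code from either questioner and not PySpark. It builds version-4 UUIDs from a seeded generator so a run is repeatable (uuid.UUID(int=..., version=4) sets the same version and variant bits as uuid.uuid4()), applies the Kinesis rule of mapping MD5(key) to an equal-width hash-key range, applies the same rule to the UUID's own 128-bit value without MD5 to isolate the fixed bits, buckets on the MD5 prefix, and then runs a Pearson chi-square test over the counts. The point it makes about the plots above: with a uniform hash each bucket count is Binomial(n, 1/k), so a histogram of counts is expected to look bell-shaped and an ECDF of counts is not an ECDF of the hash values; the chi-square statistic is the test. The seed, sample size and the N(0,1) approximation of the standardized statistic are this example's choices.

```python
import hashlib
import math
import random
import uuid

KINESIS_SHARDS = 8     # eight equal hash-key ranges, as in the Kinesis question
HEX_PREFIX_LEN = 3     # first three hex characters of the MD5: 16**3 = 4096 buckets


def uuid4_from_rng(rng: random.Random) -> str:
    """Version-4 UUID string from a seeded generator, so a run is repeatable.
    uuid.UUID(int=..., version=4) overwrites the version nibble (hex digit 12,
    0-based) and the two variant bits (top of hex digit 16) exactly as
    uuid.uuid4() does, leaving 122 random bits in the same positions."""
    return str(uuid.UUID(int=rng.getrandbits(128), version=4))


def kinesis_shard(partition_key: str, shards: int = KINESIS_SHARDS) -> int:
    """Shard index under the Kinesis rule described above: MD5(key) read as a
    128-bit integer, assigned to the shard whose hash-key range contains it.
    With equal ranges that is floor(h * shards / 2**128)."""
    h = int.from_bytes(hashlib.md5(partition_key.encode("utf-8")).digest(), "big")
    return (h * shards) >> 128


def raw_uuid_shard(uuid_str: str, shards: int = KINESIS_SHARDS) -> int:
    """Same split applied to the UUID's own 128-bit value with no MD5. The six
    fixed bits are not the most significant bits, so this stays uniform too."""
    return (uuid.UUID(uuid_str).int * shards) >> 128


def truncated_md5_bucket(key: str, n_hex: int = HEX_PREFIX_LEN) -> int:
    """Bucket from the first n_hex hex characters of MD5(key), as in the PySpark code."""
    return int(hashlib.md5(key.encode("utf-8")).hexdigest()[:n_hex], 16)


def bucket_counts(keys, bucket_fn, n_buckets):
    counts = [0] * n_buckets
    for k in keys:
        counts[bucket_fn(k)] += 1
    return counts


def chi_square_uniform(counts):
    """Pearson chi-square of the counts against a uniform expectation.
    Returns (chi2, df, z). For a uniform hash chi2 is about df with standard
    deviation sqrt(2 df); z = (chi2 - df) / sqrt(2 df) is roughly N(0, 1) when
    df is large (an approximation; it is rough for df = 7)."""
    n = sum(counts)
    k = len(counts)
    expected = n / k
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    df = k - 1
    return chi2, df, (chi2 - df) / math.sqrt(2 * df)


def generate_keys(n: int, seed: int = 20240101):
    """Constructed sample input: n version-4 UUID strings from a fixed seed."""
    rng = random.Random(seed)
    return [uuid4_from_rng(rng) for _ in range(n)]


if __name__ == "__main__":
    keys = generate_keys(200_000)
    for name, fn, k in (("kinesis md5 shards", kinesis_shard, KINESIS_SHARDS),
                        ("raw uuid shards", raw_uuid_shard, KINESIS_SHARDS),
                        ("md5[:3] buckets", truncated_md5_bucket, 16 ** HEX_PREFIX_LEN)):
        counts = bucket_counts(keys, fn, k)
        chi2, df, z = chi_square_uniform(counts)
        print(f"{name:20s} min={min(counts)} max={max(counts)} "
              f"chi2={chi2:.1f} df={df} z={z:+.2f}")
```

For 4096 buckets the expected chi-square is about 4095 with standard deviation about 90, so a standardized score within a few units is consistent with uniformity; a hot shard in production, if the keys really are fresh UUID4s per record, would show up here as one count far outside the binomial spread, and is otherwise more likely to come from many records sharing one partition key than from the hash.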