6 replies to this topic

[TNT_Nolan]

Trying to make a little password system, how can I encrypt it with a MD5?

[Sewbacca]

I played with this API: https://github.com/kikito/md5.lua. I'm not sure, but I think it is really secure because it loses data, but it is always creates a unique hash. Please correct me if I'm wrong.

[KingofGamesYami]

1) MD5 is a hashing algorithm, so encryptin with it is impossible
2) MD5, as a hash, is irreversable
3) MD5 is considered insecure and can be broken in under a second.

I suggest you find an encryption algorithm such as AES or stick to sha256.

[Sewbacca]

KingofGamesYami, on 01 June 2017 - 03:33 PM, said:

1) MD5 is a hashing algorithm, so encryptin with it is impossible
2) MD5, as a hash, is irreversable
3) MD5 is considered insecure and can be broken in under a second.

I suggest you find an encryption algorithm such as AES or stick to sha256.

You said that it can be broen in under a second, but how can it be broken, if the hash is irreversable?

[MineRobber___T]

Sewbacca, on 09 June 2017 - 10:18 PM, said:

KingofGamesYami, on 01 June 2017 - 03:33 PM, said:

1) MD5 is a hashing algorithm, so encryptin with it is impossible
2) MD5, as a hash, is irreversable
3) MD5 is considered insecure and can be broken in under a second.

I suggest you find an encryption algorithm such as AES or stick to sha256.

You said that it can be broen in under a second, but how can it be broken, if the hash is irreversable?

Brute-force attacks.

[KingofGamesYami]

Sewbacca, on 09 June 2017 - 10:18 PM, said:

You said that it can be broen in under a second, but how can it be broken, if the hash is irreversable?

It was designed to be irreversible, ei no password or secret key would be available to decrypt.

As for how it can be broken, the multitude of vulnerabilities are summed up here.

Wikipedia said:

In 1996 a flaw was found in the design of MD5. While it was not deemed a fatal weakness at the time, cryptographers began recommending the use of other algorithms, such as SHA-1, which has since been found to be vulnerable as well.[25] In 2004 it was shown that MD5 is not collision-resistant.[26] As such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property for digital security. Also in 2004 more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable; specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum.[6][27] Further advances were made in breaking MD5 in 2005, 2006, and 2007.[28] In December 2008, a group of researchers used this technique to fake SSL certificate validity.[23][29]

As of 2010, the CMU Software Engineering Institute considers MD5 "cryptographically broken and unsuitable for further use",[30] and most U.S. government applications now require the SHA-2 family of hash functions.[31] In 2012, the Flame malware exploited the weaknesses in MD5 to fake a Microsoft digital signature.

[SquidDev]

There are a couple of hashing algorithms on the forum already:

• SHA-256 and PBKDF2 by Anavrins
  
• Blake256 also by Anavrins

Of these, I think PBKDF2 is generally the preferred algorithm for this, as it is designed to be slow (which is what you want for a password hash). That being said, it means it'll run slower on ComputerCraft too, which is something to be aware of.