Special note: before such a change can only be used at the beginning of establishment, if you change midway, then there will be problems, this article has been published in the
Maybe when you mention MD5, everyone is very familiar, but are you really like this? Learn how it is the actual process of breeding? Although our general people don't have to go to find the roots, I have to download someone else's compiled procedure when I use it. Since most of the algorithm know, there are many tools that crack the MD5 hash value, but we can use our imagination to fully mobilize their enthusiasm. Do you want to change one by yourself? What about MD5 algorithms? Let now all the tools of cracking MD5 under get out of class? Because MD5 is really useful in our network, each site should save the user's information, but when it is preserved, it is afraid that one of the attackers will be attacked to the website, download the database, so we often use MD5 to have a hash An important information. But now there is a lot of tools to make simple cracks. Let's first understand the MD5 hash algorithm, and then I will explain how to improve the security of the website.
Next, I am just a simple explanation, and the space of x and y will not be introduced (x∈A, y∈B). Let's take a look at a hash algorithm to meet one of the three conditions below:
1, H is a one-way function. That is, almost all H (X) = Y, known Y requires X, it is not feasible.
2, known X, find X'∈A, make H (x) = h (x ') is not possible in calculation, which is weak without collision.
3, find a pair of X and X ', and x x', making H (x) = h (x ') is not active, which is strong without collision.
This is called a security confidential Hash function. The lower side is the hash process for the message: You may see the top of the table, you may see that the left side is required to enter an initial vector IV. This is the key place I explain today. This initial vector is MD5 algorithm is from A, B, C, D four buffer registers are stored, while each register is 32 bits. Their initial value is:
a = 0x67452301
B = 0x EFCDAB89
C = 0x 98BADCFE
D = 0x 10325476
In this we can see the four 16-based values, this can also be seen as an initial seed. If you know the MD5 algorithm process, we can know that in this process is mainly some of them, The calculation of the model is processed for each group 512 bit message, and each group is 4 * 16 times, so I have a bold idea, but we have changed the initial value. Is it going to become another MD5 hash algorithm! We know that the four values of A, B, C, and C are a total of 16-based 4 * 8 = 32, then we can calculate the probability space that may be cracked. If you move more, the possibility of crack The smaller it. As long as we change one, we don't have to change the other parts of the algorithm, and will not change much for our procedures. Is it possible to find a new hash algorithm, in fact, it is known to have a hash algorithm, and the US information compression standard SHA is also a bit similar to MD5 (mainly means to think). Now introduced these related MD5 knowledge, let's take a look at how to modify the source code of our website management program. Here I have a famous mobile network forum DVBBS7.0 in China.
We all know that the user's data of the network forum is like a password. The answer to the question is to have a MD5 hash. Usually the attacker is downloading the database to make the codes, the default is to put this path. Next:
BBS / DATA / DVBBS7.MDB and we generally use the name of the database to modify the database, and the corresponding modification of the relevant settings in Conn.asp.
Now our method is to find this file /inc/md5.asp. This page is the process we have has a hash process, just modify it, we have generated its own new MD5 hash algorithm. Then open it in a notebook, find this place. Figure 1:
I saw it, A, B, C, D, these four values, it is what we talk before, see how you changed. Let's take you! But I suggest that you can change one, or try it to change. If you can change a = 0x67452301 to a = 0x67452300, you use a different MD5 algorithm, so that, even if you are downloaded, you can use it with confidence. Let their crack MD5 tools to see ghosts!
But what I want to explain is that people who understand the MD5 process may ask, can you affect the operation like this? This expert expert may be difficult to demonstrate it. At the same time, I have to say that MD5 is the information of all the information, and the changes in our changes, only a few thousand users on a website, there should be no big problem, but we To prove the three conditions that this change can be met after this change, it does have a certain difficulty, which lets readers discuss it.
In the end, if someone wants to discuss with me, please contact:
Anmeihong@sina.com
