Archive for September, 2007

MD5 with Dynamic Salt Class


Remember my post about MD5 Hashing and Salt? Well, I’ve taken some time to develop a PHP class that makes it easy to implement a dynamic (per-user) salt when using MD5. The class can easily be expanded or modified to use a different hash function. Take a look at it and let me know if it turns out to be useful to anyone!

You can download the PasswordWithSalt.class.php file here. I have also set up a VERY simple demo of how this works. I’m still working on developing this, but comments and advice will definitely be useful here.

The following is the rough text and instructions I’ve written for my “readme.txt” file.

The only thing you need to do in order to configure this class properly is set the location where you want to store your salts. For example, in the class set $storageLocation = "/home/user/salts/"; and give your server permission to write to that folder (777 will work). I recommend that the folder be outside your normal webroot.

The following demonstrates how to store salt for your user, then generate the hash using those salts. Don’t forget to store the final hash so you can compare against it later!

<?php
require("PasswordWithSalt.class.php");

//Init the class
$SaltPlease = new PasswordWithSalt();

//Store generated salts for user "admin"
$SaltPlease->storeSalt("admin");

//Get hash for user admin, password is "password"
$hash = $SaltPlease->createHash("admin", "password");
//Store $hash with the user record; it is needed to check logins later
?>


The following demonstrates how to regenerate the hash for a user who already has a salt stored. $dbhash should hold the hash you stored earlier.

<?php
require("PasswordWithSalt.class.php");

//Init the class
$SaltPlease = new PasswordWithSalt();

//Get hash for user admin, password is "password"
$hash = $SaltPlease->createHash("admin", "password");

//Check whether the regenerated hash matches the stored one.
//hash_equals() compares in constant time and avoids PHP's loose == comparison.
if (hash_equals($dbhash, $hash)) {
    echo "Password Hashes Match.";
} else {
    echo "Password Hashes DO NOT Match";
}
?>
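To make the mechanism behind both snippets concrete, here is an added example of a small per-user salt store with the same shape (storeSalt / createHash) plus a verify step. It is my own illustration, not the PasswordWithSalt class from the post; the class name, method names, the `.salt` file layout, and the temp-directory default are assumptions, and it needs PHP 7 or later for random_bytes().

```php
<?php
// Added example, not the PasswordWithSalt class from the post: a minimal
// per-user salt store with the same shape (storeSalt / createHash) plus a
// verify step. Class, method and file names here are assumptions.

class PerUserSaltStore
{
    private $storageLocation;

    // Default to a directory under the system temp dir so the example runs
    // anywhere; in production point this outside the webroot (e.g. /home/user/salts/).
    public function __construct($storageLocation = null)
    {
        if ($storageLocation === null) {
            $storageLocation = sys_get_temp_dir() . '/salts-example';
        }
        if (!is_dir($storageLocation) && !mkdir($storageLocation, 0700, true)) {
            throw new RuntimeException("Cannot create salt directory: $storageLocation");
        }
        $this->storageLocation = rtrim($storageLocation, '/');
    }

    // The username becomes part of a filename, so restrict it to a safe
    // character set; otherwise "../" in a username could escape the directory.
    private function saltPath($user)
    {
        if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $user)) {
            throw new InvalidArgumentException('Invalid username for salt storage');
        }
        return $this->storageLocation . '/' . $user . '.salt';
    }

    // Generate a fresh random salt for the user and write it with owner-only permissions.
    public function storeSalt($user)
    {
        $salt = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG (PHP 7+)
        $path = $this->saltPath($user);
        if (file_put_contents($path, $salt, LOCK_EX) === false) {
            throw new RuntimeException("Cannot write salt file: $path");
        }
        chmod($path, 0600);
        return $salt;
    }

    // Read the stored salt back for this user.
    public function getSalt($user)
    {
        $path = $this->saltPath($user);
        if (!is_file($path)) {
            throw new RuntimeException("No salt stored for user $user");
        }
        return file_get_contents($path);
    }

    // Same construction as the post: hash of the per-user salt prepended to the password.
    public function createHash($user, $password)
    {
        return md5($this->getSalt($user) . $password);
    }

    // Recompute the hash at login and compare in constant time.
    public function verify($user, $password, $storedHash)
    {
        return hash_equals($storedHash, $this->createHash($user, $password));
    }
}

// Demo: register a user, then check a correct and an incorrect login.
$store = new PerUserSaltStore();
$store->storeSalt('admin');
$dbhash = $store->createHash('admin', 'password'); // persist this with the user record

var_dump($store->verify('admin', 'password', $dbhash));
var_dump($store->verify('admin', 'Password', $dbhash));

// A second user with the same password gets a different hash, because the salts differ.
$store->storeSalt('bob');
var_dump($store->createHash('bob', 'password') === $dbhash);
```

The first verify call succeeds, the second fails, and the final comparison is false because each user has an independent salt. Two points worth carrying into a real deployment: the salt directory should be owned by the web server user with mode 0700 rather than 777, and the username must be validated before it is used as a filename, as saltPath() does above.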

Got WordPress? If you don’t, you should!


WordPress is one of the most beautiful chunks of software I’ve ever had the pleasure of playing, working, and generally having a lot of fun with. This software is quickly learned by most technically challenged people and can actually help out those people who just want to publish information and get their name out there.

With a combination of WordPress and websites like digg, technorati, and stumbleupon, a blog or website which might not get the best traffic response can grow (with some work) to hundreds, even thousands, or more visitors a day. Like all things, it does require dedication and some knowledge about your topic or topics.

So for those people willing to dedicate some of their time to writing about whatever they may be passionate about, WordPress is a wonderful way to just start writing. For those who are interested but don’t want to spend the time to install and set up the various features of the software, feel free to let me know and I will do the WordPress setup and install for you, for a small fee.

Email me at: jgalvez@blackfalconsolutions.com
Or leave me a comment to this post.

Very Cheap and Legal MP3 Downloads


Don’t wait, get cheap music now!

Still paying 99 cents a song on iTunes? Wish you could download more music but want to keep it legal? You can! Various websites based in Russia have been around to fill this need; under Russian law these companies only pay royalties based on their profits. Unlike in the USA and other countries, where the RIAA has a large amount of influence (not to mention money), this Russian law allows companies to sell music at a much lower cost.

As of the time of this writing I’ve found a website called GoMusic.ru selling music at $0.19 per song! Full albums can be purchased for just a couple of dollars.

MD5 Hashing and Salt


I just read a great post by Marcel Oelke, who runs http://md5.rednoize.com/. He’s got a great way to access his web service and then check whether a user’s password is insecure. Even if you are hashing the password with MD5 before storing it (I certainly hope people aren’t storing passwords in cleartext), it may still not be secure.

I know many people don’t add salt before hashing and storing the password, and MD5.rednoize.com really is the perfect example of why you should be salting all passwords! Even if you have only a single site-wide salt, prepending it to a user’s password before creating the hash is a powerful way to prevent a database like the one behind MD5.rednoize.com from matching against your database. So basically, in PHP:

// Prepend the site-wide salt to the submitted password before hashing
$salt = "ThisSuperLongStringWillProtectMyUsersAgainstInsecurePasswords";
$userpass = $_POST['pass'];
$md5pass = md5($salt . $userpass);

When your user then attempts to login you’ll duplicate the same process. I personally would keep the $salt in a file outside the normal webroot.

Now the chance that a lookup site already has the hash matching your user’s password, even if the password is ”word”, is MUCH lower. I hope this explains what it means to salt your passwords.
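As an added example (not code from the original post), the following script shows the effect described above: a constructed stand-in for a public MD5 lookup database recovers the unsalted hash of a weak password at once but has no entry for the salted hash, and the login check simply repeats the same salt-prepend-and-hash construction. The password list and the function names are assumptions; the salt string is the one from the post.

```php
<?php
// Added example, not code from the original post: why prepending a site-wide
// salt defeats a precomputed MD5 lookup table, and how the login check repeats
// the same construction. The lookup table is constructed inline as a stand-in
// for a public service such as md5.rednoize.com.

// Stand-in lookup database: md5(plaintext) => plaintext for a few common passwords.
function buildLookupTable(array $commonPasswords)
{
    $table = array();
    foreach ($commonPasswords as $plain) {
        $table[md5($plain)] = $plain;
    }
    return $table;
}

// Ask the "database" whether it knows a plaintext for this hash.
function reverseByLookup($hash, array $table)
{
    return isset($table[$hash]) ? $table[$hash] : null;
}

// Hashing used at registration (same construction as the post's snippet).
function hashWithSiteSalt($salt, $password)
{
    return md5($salt . $password);
}

// Login check: recompute with the same salt and compare in constant time.
function checkLogin($salt, $storedHash, $submittedPassword)
{
    return hash_equals($storedHash, hashWithSiteSalt($salt, $submittedPassword));
}

$salt  = 'ThisSuperLongStringWillProtectMyUsersAgainstInsecurePasswords'; // keep in a file outside the webroot
$table = buildLookupTable(array('password', 'word', '123456', 'letmein', 'qwerty')); // constructed sample

$userpass = 'word';
$unsalted = md5($userpass);
$salted   = hashWithSiteSalt($salt, $userpass);

// Without salt the weak password is in the table; with salt the hash is not.
printf("unsalted %s -> %s\n", $unsalted, reverseByLookup($unsalted, $table) ?: 'not found');
printf("salted   %s -> %s\n", $salted,   reverseByLookup($salted,   $table) ?: 'not found');

// Login flow: $salted is what was stored; the same process runs on each attempt.
var_dump(checkLogin($salt, $salted, 'word'));
var_dump(checkLogin($salt, $salted, 'wrong'));
```

The caveat a practitioner should keep in mind: a single site-wide salt only stops generic precomputed tables. If the salt is exposed together with the database, every user can still be attacked with one dictionary run, because MD5 is fast. A per-user salt removes the shared-salt problem, and a deliberately slow password hash (PHP’s password_hash() / password_verify() with PASSWORD_DEFAULT) removes the speed problem; both are the current recommendation over salted MD5.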

You can read Marcel’s post and learn how to call his webservice here:
http://blog.fl3x.de/2005/11/10/checking-password-strength-using-md5rednoizecom-and-ajax/
