MD5 Database

[Hitman]

Hello. Some of you will recognise the layout or the idea. I originally created this years ago, but both attempts lasted less than a week.

I basically made an MD5 hash database - it stores the plain text and MD5 hash, which people can then search. You can also use the site to encrypt plain text into MD5, if need be. Any text encrypted is automatically stored in the database, adding to the number of hashes in the DB. I'm also using another way to add hashes... at the time of this post, there are 1,254,955 hashes in the database... these consist of these characters (abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW XYZ0123456789`~!@#$%^&*()_+{}|\-=[]\:",./<>?). Every 1 char, 2 char and 3 char possibility of those is in the database... still doing 4 chars (there's over 7 million). Of course, many of these will be useless so I'll be adding dictionaries soon.

The site is in BETA - there might be some bugs or vulnerabilities, if anybody finds some please tell me. If you decide to register and you're worried about your password being hashed and stored, then use a password like 'hello', but I can assure you that registration passwords aren't added to the search database... the user passwords are salted twice, then encrypted in md5 twice, so it's secure. They're then saved in a separate db where they cant be searched for.

I intend for this site to last a while - I'm giving it a couple of months to see how it goes. It's on a VPS atm, and I will upgrade the specs as the site grows. I will be adding Google ads once they accept me, that way the site might eventually pay for itself.

So, please take a look and tell me what you think. The layout is basic, but that's all it needs to be.

URL: http://md5data.com

Thanks.

[BoyBetterKnow]

I like it tbh

[jackass]

Iyaaa Tom babe. xoxox

Yeah, I remember this - good luck with it!

[Hitman]

I like it tbh

Thanks.

Iyaaa Tom babe. xoxox

Yeah, I remember this - good luck with it!

Hey Jack, cheers! Should be alright...

[BigAlan]

http://www.md5encryption.com/ that is probably the biggest md5 decryption service your up against so good luck

Try different methods also! Such as SHA1

And maybe give advice about encryption

Also I noticed that you md5'ed user password 2wice.. well that doesn't make it any stronger... infact it makes it much easier to find collisions.. Salting is ok providing you have 2 different salted words, also you could try spliting the password up for examlple

Code:

Password = Random1
String 1 = Rand
String 2 = om1
HashStr1 = md5(SALT1 . String 1 . SALT2);
HashStr2 = md5(SALT1 . String 2 . SALT2);
HashStr3 = sha1(SALT1 . substr(Password, 0, 3) . SALT2);
Join = HashStr1.HashStr3.HashStr2;
Encrypted = substr(Join, 0, 50);

That's just a general idea of a function in PHP but is much more safer than MD5ing passwords twice..
And your including to methods of encryption sha1 and md5 and then creating your own length hash of 50 characters where it could be 75 or even 100 which will make a collision seem impossible as the password has been encrypted 3 times in a way that wouldn make sence to anybody..

[Hitman]

http://www.md5encryption.com/ that is probably the biggest md5 decryption service your up against so good luck

Try different methods also! Such as SHA1

And maybe give advice about encryption

Also I noticed that you md5'ed user password 2wice.. well that doesn't make it any stronger... infact it makes it much easier to find collisions.. Salting is ok providing you have 2 different salted words, also you could try spliting the password up for examlple

Code:

Password = Random1
String 1 = Rand
String 2 = om1
HashStr1 = md5(SALT1 . String 1 . SALT2);
HashStr2 = md5(SALT1 . String 2 . SALT2);
HashStr3 = sha1(SALT1 . substr(Password, 0, 3) . SALT2);
Join = HashStr1.HashStr3.HashStr2;
Encrypted = substr(Join, 0, 50);

That's just a general idea of a function in PHP but is much more safer than MD5ing passwords twice..
And your including to methods of encryption sha1 and md5 and then creating your own length hash of 50 characters where it could be 75 or even 100 which will make a collision seem impossible as the password has been encrypted 3 times in a way that wouldn make sence to anybody..

That's no way near the biggest... if their site statistics are up to date, then I have already beaten them.

How many MD5 hashes are in our database?

We have encrypted more than 1,300,000 words, phrases, acronyms, etc since 2006.

There are 1,354,373 md5 hashes in the database

The big encryption sites have more than 3 billion hashes... they are the ones at the top.

http://gdataonline.com/ - 1,133,763,504
http://www.md5decrypter.co.uk/ - 13,310,855,025

So, quite a lot.

I will put information about md5, the service and what it can be used for on the about page sometime, also thanks for that info about the password encryption... although I'd of thought hashing the text, then hashing the md5 string would be very secure...

I might implement SHA1 into the password aswell.

[Hitman]

Can't edit.

OK, three salts, hashed in md5 and sha1.

PHP Code:

sha1(md5($salt1.$password.$salt2.$password.$salt3)); 


Each salt is 20 chars long.

[Hitman]

After hours of annoyance, endless jibberish in md5 and loads of tabs open, I have finally fixed MD5 Database.

Now, I'll explain what was wrong... basically, the input forms needed security from SQL injections... they had security, addslashes... so for example:

hello' becomes hello\'

And the system was saving "hello\'" with the wrong hash... so if you lookedup the correct hash for "hello'" it wouldn't be there... this is an error I have found the http://www.md5encrypter.com/ makes - any has with ' or ", etc will show up wrong... I've fixed that for mine, plus it's showing the correct values whilst using htmlentites, addslashes and mysql_real_escape_string...

So I'll be rebuilding the DB back up... there are bugs and they're being fixed, hence above.

The user system... the encryption I posted above failed, it just would not work on registration and I'm not 100% sure why. So, encryption is now 2 salts and a password in md5 and sha1.

Thanks for reading.

[Tim.]

I really like this idea. Its excellent!

[N!ck]

Good luck with this, but how much disk space does yout statbase take up?