
April 5th, 2005
05:40 AM
Neverside Newbie
It's possible to do anything. All MD5 is, is an algorithm that encodes an input of any length into a 128-bit encrypted string.
Anything made by a human can be broken by a human.
MD5 is good enough for now. The article didn't even say how long it took them to brute force it.
If you're that paranoid, make your own algorithm that uses 512 or 1024 bit encryption.

April 5th, 2005
07:51 AM
Lost in Berkeley, CA
He's looking for cryptography methods that work two ways (encrypt/decrypt). MD5 just goes one way. Google "php cryptography?"
___________________
There is no theory of evolution. Just a list of creatures Chuck Norris has allowed to live.

April 5th, 2005
09:11 AM
Evil Coder
True, although you could try using SHA1 crypt() function.

April 5th, 2005
10:16 AM
One and The Same
http://pear.php.net/packages.php?catpid=6&catname=Encryption ?? Don't know specifically how many bits each of these are.
___________________
:: We can be in the world, What we want to be ::

April 5th, 2005
11:13 AM
Neversidian
use mcrypt();
It's a rather lengthy and not exactly straightforward process, but it turns stuff into complete gibberish.
___________________
angelessme, antagonising neverside members, staff and administration since 2001.

April 5th, 2005
11:41 PM
Neverside Newbie
The md5 security issue is yet another example of why salting passwords is a good idea, but that's a whole other issue. Let's keep it on topic, people.
nertman is looking for an algorithm that can be encoded and decoded, therefore md5 is not the proper method. However, I do suggest using this following bit I found on php.net:
Below is an MD5-based block cypher (MDC-like), which works in 128bit CFB mode. It is very useful to encrypt secret data before transferring it over the network.
$iv_len - initialization vector's length.
0 <= $iv_len <= 512
Code:
<?php
// Build an IV of $iv_len random bytes.
// Note: mt_rand() is not a cryptographically secure generator.
function get_rnd_iv($iv_len)
{
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}

// Encrypt $plain_text under $password; returns base64(IV . ciphertext).
function md5_encrypt($plain_text, $password, $iv_len = 16)
{
    $plain_text .= "\x13";   // end-of-text marker, stripped again by md5_decrypt()
    $n = strlen($plain_text);
    if ($n % 16) {
        // Zero-pad to a 16-byte boundary.
        $plain_text .= str_repeat("\0", 16 - ($n % 16));
    }
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        // The keystream block is the raw MD5 digest of the current state.
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        // Feed the ciphertext block back into the state (CFB).
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
}

// Reverse of md5_encrypt(); $iv_len must match the value used to encrypt.
function md5_decrypt($enc_text, $password, $iv_len = 16)
{
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;   // ciphertext starts right after the IV
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    // Strip the \x13 marker and the zero padding.
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}

/******************************************/
$plain_text = 'very secret string';
$password = 'very secret password';
echo "plain text is: [{$plain_text}]<br />\n";
echo "password is: [{$password}]<br />\n";
$enc_text = md5_encrypt($plain_text, $password);
echo "encrypted text is: [{$enc_text}]<br />\n";
$plain_text2 = md5_decrypt($enc_text, $password);
echo "decrypted text is: [{$plain_text2}]<br />\n";
?>
___________________
I don't suffer from insanity; I enjoy every minute of it.
Unintended Theory | Cacrew v4
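For comparison with the routine posted above, which carries no integrity check, here is an added example (not code from the thread or from php.net) of password-based two-way encryption using PHP's OpenSSL extension with AES-256-GCM, where a wrong password or a modified ciphertext is rejected. The function names `seal` and `open_sealed`, the constants and the PBKDF2 iteration count are assumptions of this example; it needs PHP 7.1 or later with ext-openssl.

```php
<?php
// Added example, not from the thread. Names and KDF_ITERATIONS are assumptions.
const SALT_LEN = 16;            // per-message salt for key derivation
const NONCE_LEN = 12;           // GCM nonce
const TAG_LEN = 16;             // GCM authentication tag (OpenSSL default)
const KDF_ITERATIONS = 600000;  // assumed work factor; tune for your hardware

function derive_key(string $password, string $salt): string
{
    // Salted, slow derivation of a 32-byte AES key from the password.
    return hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 32, true);
}

function seal(string $plain_text, string $password): string
{
    $salt = random_bytes(SALT_LEN);
    $nonce = random_bytes(NONCE_LEN);
    $tag = '';
    $ct = openssl_encrypt($plain_text, 'aes-256-gcm', derive_key($password, $salt),
        OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($salt . $nonce . $tag . $ct);
}

function open_sealed(string $sealed, string $password): ?string
{
    $raw = base64_decode($sealed, true);
    if ($raw === false || strlen($raw) < SALT_LEN + NONCE_LEN + TAG_LEN) {
        return null;
    }
    $salt = substr($raw, 0, SALT_LEN);
    $nonce = substr($raw, SALT_LEN, NONCE_LEN);
    $tag = substr($raw, SALT_LEN + NONCE_LEN, TAG_LEN);
    $ct = (string) substr($raw, SALT_LEN + NONCE_LEN + TAG_LEN);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', derive_key($password, $salt),
        OPENSSL_RAW_DATA, $nonce, $tag);
    return $pt === false ? null : $pt;   // null: wrong password or modified data
}

// Constructed sample values, mirroring the thread's demo strings.
$sealed = seal('very secret string', 'very secret password');
var_dump(open_sealed($sealed, 'very secret password'));
// Flip one bit of the stored ciphertext, then try to open it again.
$raw = base64_decode($sealed);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(open_sealed(base64_encode($raw), 'very secret password'));
```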

April 6th, 2005
03:01 AM
with Mr. Jones
Salting passwords is an absolute necessity. Double salting is never bad either.
As mentioned, http://us4.php.net/mcrypt use this if it's available for 2 way. For one way, salt/doublesalt md5
___________________
http://www.philbrodeur.com - Expert PHP Development and Tutorials