Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    1
    Rep Power
    0

    Decypt class encypt, please!


    I have lass encrypt, but i can not decrypt. I have tried many ways but have not been . People to help me with this class decypt, please!
    PHP Code:
    <?php
    /*==========================
    *    Example use encode :
    *    <?
    *    include('encode.php');
    *    $encode = new encode();
    *    $encryptText = $encode->encrypt('content','yourkey');
    *    echo $encryptText;
    *    ?>
    ===========================*/
    class encode{
        private 
    $rda;
        private 
    $sof;
        private 
    $Mf;
        private 
    $Yv;
        private 
    $Ki;
        private 
    $Dol = array(0x010x020x040x080x100x20,0x400x800x1b0x360x6c0xd8,0xab0x4d0x9a0x2f0x5e0xbc,0x630xc60x970x350x6a0xd4,0xb30x7d0xfa0xef0xc50x91);
        private 
    $Qre = array(991241191232421071111974811034325421517111820213020112525089712401732121621751561641141921832531473854632472045216522924111321649214199351952415051547181282262353917811791314426271109016082592141794122747132,  8320902373225217791106203190577476882072082391702516777511336924921278060159168811636414314615756245188182218331625524321020512192369515168231961671266110093251159612979220344214413670238184202229411219224505810736369219421117298145149228121231200551091412137816910886244234101122174818612037462816618019823222111631751891391381126218110272324614975387185134193291582252481521710521714214815530135233206854022314016113713191230661046515345151768418722);
        private 
    $blz 128;
        private 
    $szj 192;
        public function 
    __construct(){
            
    $this->rda = array(0,0,0,0,array(0,0,0,0,10,0,12,0,14),0,array(0,0,0,0,12,0,12,0,14),0,array(0,0,0,0,14,0,14,0,14));
            
    $this->sof = array(0,0,0,0,array(0,1,2,3),0,array(0,1,2,3),0,array(0,1,3,4));
            
    $this->Ki $this->blz/32;
            
    $this->Yv $this->szj/32;
            
    $this->Mf $this->rda[$this->Yv][$this->Ki];
        }
        public function 
    encrypt($src,$key){
            
    $ct = array();
            
    $bla = array();
            
    $igb $this->blz/8;
            
    $chars $this->kghfyu($this->stohca($src));
            
    $epy $this->kips($this->stohca($key));
            for(
    $i=0;$i<count($chars)/$igb;$i++){
                
    $bla $this->sbugj($chars,$i*$igb,($i+1)*$igb);
                
    $bla $this->ectghugp($bla,$epy);
                
    $ct $this->ghctqart($ct,$bla);
            }
            return 
    $this->chrtoh($ct);
        }
        private function 
    chrtoh($chars){
            
    $result "";
            
    $hexes = array("0","1","2","3","4","5","6","7","8","9","a","b","c","d","e","f");
            for(
    $i=0;$i<count($chars);$i++){
                
    $result .= $hexes[$chars[$i]>>4].$hexes[$chars[$i]&0xf];
            }
            return 
    $result;
        }
        private function 
    ectghugp($block,$epk){        
            
    $block $this->pagkbty($block);
            
    $block $this->rkddrhgntpk($block,$epk);
            for(
    $i=1;$i<$this->Mf;$i++){
                
    $block $this->greeftg($block,$this->sbugj($epk,$this->Ki*$i,$this->Ki*($i+1)));
            }
            
    $block $this->hfamyour($block,$this->sbugj($epk,$this->Ki*$this->Mf,count($epk)));
            
            return 
    $this->nyhgrfbyt($block);
        }
        private function 
    nyhgrfbyt($packed){
            
    $result = array();
            for(
    $j=0;$j<count($packed[0]);$j++){
                
    $result[count($result)] = $packed[0][$j];
                
    $result[count($result)] = $packed[1][$j];
                
    $result[count($result)] = $packed[2][$j];
                
    $result[count($result)] = $packed[3][$j];
            }
            return 
    $result;
        }
        private function 
    hfamyour($state,$rdv){
            
    $state $this->hjtyubgh($state);
            
    $state $this->srhfjugh($state);
            
    $state $this->rkddrhgntpk($state,$rdv);
            return 
    $state;
        }
        private function 
    greeftg($state,$rdv){
            
    $state $this->hjtyubgh($state);
            
    $state $this->srhfjugh($state);
            
    $state $this->gydftcoph($state);
            
    $state $this->rkddrhgntpk($state,$rdv);
            return 
    $state;
        }
        private function 
    gydftcoph($state){
            
    $b = array();
            for(
    $j=0;$j<$this->Ki;$j++){
                for(
    $i=0;$i<4;$i++){
                    
    $b[$i] = $this->myhdgrttuk($state[$i][$j],2) ^ $this->myhdgrttuk($state[($i+1)%4][$j],3) ^ $state[($i+2)%4][$j] ^ $state[($i+3)%4][$j];
                }
                for(
    $i=0;$i<4;$i++){
                    
    $state[$i][$j] = $b[$i];
                }
            }
            return 
    $state;
        }
        private function 
    myhdgrttuk($x,$y){
            
    $result 0;
            for(
    $bit=1;$bit<256;$bit*=2,$y=$this->rthymk($y)){
                if(
    $x&$bit){$result ^= $y;}
            }
            return 
    $result;
        }
        private function 
    rthymk($poly){
            
    $poly<<=1;
            return ((
    $poly&0x100)?($poly^0x11B):($poly));
        }
        private function 
    srhfjugh($state){
            for(
    $i=1;$i<4;$i++){
                
    $state[$i] = $this->rdthgbnjywss($state[$i],$this->sof[$this->Ki][$i]);
            }
            return 
    $state;
        }
        private function 
    rdthgbnjywss($src,$pos){
            
    $temp $this->sbugj($src,0,$pos);
            
    $src $this->sbugj($src,$pos,count($src));
            
    $src $this->ghctqart($src,$temp);
            return 
    $src;
        }
        private function 
    hjtyubgh($state){
            
    $S $this->Qre;
            for(
    $i=0;$i<4;$i++){
                for(
    $j=0;$j<$this->Ki;$j++){
                    
    $state[$i][$j] = $S[$state[$i][$j]];
                }
            }
            return 
    $state;
        }
        private function 
    rkddrhgntpk($state,$rdv){
            for(
    $j=0;$j<$this->Ki;$j++){
                
    $state[0][$j] ^= ($rdv[$j]&0xFF);
                
    $state[1][$j] ^= (($rdv[$j]>>8)&0xFF);
                
    $state[2][$j] ^= (($rdv[$j]>>16)&0xFF);
                
    $state[3][$j] ^= (($rdv[$j]>>24)&0xFF);
            }
            return 
    $state;
        }
        private function 
    pagkbty($octets){
            
    $state = array();
            
    $state[0] = array();
            
    $state[1] = array();
            
    $state[2] = array();
            
    $state[3] = array();
            for(
    $j=0;$j<count($octets);$j+=4){
                
    $state[0][$j/4] = $octets[$j];
                
    $state[1][$j/4] = $octets[$j+1];
                
    $state[2][$j/4] = $octets[$j+2];
                
    $state[3][$j/4] = $octets[$j+3];
            }
            return 
    $state;
        }
        private function 
    kips($key){
            
    $temp 0;
            
    $this->Yv $this->szj/32;
            
    $this->Ki $this->blz/32;
            
    $epk = array();
            
    $this->Mf $this->rda[$this->Yv][$this->Ki];
            for(
    $j=0;$j<$this->Yv;$j++){
                
    $epk[$j] = ($key[4*$j]) | ($key[4*$j+1]<<8) | ($key[4*$j+2]<<16) | ($key[4*$j+3]<<24);
            }
            for(
    $j=$this->Yv;$j<$this->Ki*($this->Mf+1);$j++){
                
    $temp $epk[$j-1];
                if(
    $j%$this->Yv==0){
                    
    $temp = (($this->Qre[($temp>>8)&0xFF]) | ($this->Qre[($temp>>16)&0xFF]<<8) | ($this->Qre[($temp>>24)&0xFF]<<16) | ($this->Qre[$temp&0xFF]<<24)) ^ $this->Dol[floor($j/$this->Yv)-1];
                }else if(
    $this->Yv>&& $j%$this->Yv==4){
                    
    $temp = ($this->Qre[($temp>>24)&0xFF]<<24) | ($this->Qre[($temp>>16)&0xFF]<<16) | ($this->Qre[($temp>>8)&0xFF]<<8) | ($this->Qre[$temp&0xFF]);
                }
                
    $epk[$j] = $epk[$j-$this->Yv]^$temp;
            }
            return 
    $epk;
        }
        private function 
    kghfyu($plaintext){
            
    $igb $this->blz/8;
            for(
    $i=$igb-(count($plaintext)%$igb);$i>&& $i<$igb;$i--){
                
    $plaintext[count($plaintext)] = 0;
            }
            return 
    $plaintext;
        }
        private function 
    stohca($str){
            
    $codes = array();
            for(
    $i=0;$i<strlen($str);$i++){
                
    $codes[$i] = $this->cgaftocdyhgtvb($str,$i);
            }
            return 
    $codes;
        }
        private function 
    ghctqart($arr1,$arr2){
            return 
    array_merge($arr1,$arr2);
        }
        private function 
    sbugj($arr,$b,$e){
            return 
    array_slice($arr,$b,$e-$b);
        }
        private function 
    cgaftocdyhgtvb($str,$index){
            
    $m ord(substr($str,$index,1));
            return 
    $m;
        }
    }
    ?>
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    So what are we supposed to do now? Pull the decryption class out of a hat? Write it from scratch? Why don't you talk to the people who gave you this code?

    But before you do that, you should ask yourself one question: Do you really wanna rely on some fishy PHP code to keep your data secure?

    This is not an established implementation. It probably has been written by a single person. Nobody else has checked the code to make sure it's correct. In addition to that, the code has been scrambled. Why? What do they have to hide?

    With a little bit of common sense, you should be able to draw a conclusion from that.
    Last edited by Jacques1; January 28th, 2014 at 06:13 AM.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    0
    The way I see encryption is that if the encryption method has to be hidden, it's not good encryption.

    Good encryption is where people can see the code used to encrypt/decrypt but still not be able to decrypt it.

    When I need to encrypt something, I use this code. All I know is it works, I don't know how secure it is and I am by far no expert. (But I'm sure someone else will be able to tell me )

    PHP Code:
    function encrypt($key$info){
        
    $iv_size mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256MCRYPT_MODE_ECB);
        
    $iv mcrypt_create_iv($iv_sizeMCRYPT_RAND);
        
    $enc mcrypt_encrypt(MCRYPT_RIJNDAEL_256$key$infoMCRYPT_MODE_ECB$iv);
        return 
    bin2hex($enc);
    }

    function 
    decrypt($key$value){
        
    $enc hex2bin($value);
        
    $iv_size mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256MCRYPT_MODE_ECB);
        
    $iv mcrypt_create_iv($iv_sizeMCRYPT_RAND);
        
    $info mcrypt_decrypt(MCRYPT_RIJNDAEL_256$key$encMCRYPT_MODE_ECB$iv);
        return 
    trim($info);
    }

    function 
    hex2bin($hex){
        
    //My server is php 5.3. You can remove this function for a later version of PHP
        
    $str='';
        for (
    $i=0$i strlen($hex)-1$i+=2)
        {
            
    $str .= chr(hexdec($hex[$i].$hex[$i+1]));
        }
        return 
    $str;

    Good luck!
  6. #4
  7. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,295
    Rep Power
    9400
    The obfuscation in the code in the first post is stupid and pointless.

    Originally Posted by Tilo15
    (But I'm sure someone else will be able to tell me )
    ECB mode has a big disadvantage: it encrypts individual blocks of the input and that means the same block will be encrypted to the same output each time. It accomplishes this by not using IVs - the $iv your code provides is ignored. CBC mode is better as it does use an IV, but now you have to store that IV somewhere.
    Meanwhile the best attack against Rijndael 256, aka AES 256, is still a wrench.

    Comments on this post

    • Jacques1 disagrees : This is just wrong.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    0
    Meanwhile the best attack against Rijndael 256, aka AES 256, is still a wrench.
    Good to see people get XKCD. None of my friends ever understand them

    I know verry little about cryptography, what would you do to make that encryption function better?
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Guys, please stop.

    Contrary to popular belief, MCRYPT_RIJNDAEL_256 is not AES-256. Yes, they both have a “256” in the name. That doesn't mean a thing. MCRYPT_RIJNDAEL_256 is an exotic variant of the Rijndael algorithm with a block size of 256 bits. The algorithm known as “AES” has a block size of 128 bit. What the different names of AES refer to is the key length. So AES-256 is Rijndael with a 128 bit block size and a 256 bit key.

    Using ECB is another huge mistake and a clear sign that it's time to stop.

    Cryptography isn't the right area for the usual “Let's copypaste some script from the Internet and see what happens.”. It requires an actual understanding of what's going on. If you don't have that (like most of us), don't do it. Cryptography doesn't degrade cracefully. You'll quickly end up with no security at all or even “negative security”: If you run around with broken cryptography and at the same think you're totally secure (“Wow, my only risk is a wrench!”), you have a big problem.

    So I repeat: Don't do it. You wouldn't try a brain surgery after you've read a Wikipedia article, right?

    Either drop the encryption altogether. 99% of the time, it's just snakeoil without any reasoning behind it. For example, where's your key? Let me guess: Right next to the encrypted data. Wow, that will totally stop people from getting the plaintext.

    If you're absolutely definitely sure that you've found a valid use case for encryption, use a high-level library like GnuPG. Don't even think about fumbling with cipher modes and such.

    Comments on this post

    • requinix disagrees : even when you're right you just can't help it but do whatever you can to piss other people off
    • Tilo15 disagrees : You are right. I don't know much about encryption but I have worked out a system of not storing the key at all in the database and each user has their own key.
    • Strider64 agrees : I for one agree and it's better to be truthfull than to trying to spare people's feelings. I get critiques on my websites all the time and if I didn't have thick skin I would be doing websites.
    Last edited by Jacques1; January 29th, 2014 at 09:03 PM.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  12. #7
  13. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,295
    Rep Power
    9400
    Originally Posted by Jacques1
    Contrary to popular belief, MCRYPT_RIJNDAEL_256 is not AES-256. Yes, they both have a “256” in the name. That doesn't mean a thing. MCRYPT_RIJNDAEL_256 is an exotic variant of the Rijndael algorithm with a block size of 256 bits. The algorithm known as “AES” has a block size of 128 bit. What the different names of AES refer to is the key length. So AES-256 is Rijndael with a 128 bit block size and a 256 bit key.
    Oops. But guess what: I don't care!

    Comments on this post

    • NotionCommotion agrees : The proper approach for the proper application
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    In other words: You don't give a sh*t about the people who come here seeking for help and might base their decisions on your advice.

    Not sure if that's something to be proud of ...
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by Tilo15
    Tilo15 disagrees: You are right. I don't know much about encryption but I have worked out a system of not storing the
    key at all in the database and each user has their own key.
    And where do all the keys eventually go? Your server.

    That means you haven't gained anything. If your server is compromised, the keys are compromised as well. All the fancy cryptography is null and void, so you might as well have stored the plaintext.

    This is exactly what I'm trying to say: Applying cryptography correctly is damn hard. A lot of ideas which sound good at first turn out to be complete bogus. Even professionals constantly screw up (just look at the history of SSL/TLS). How big is the chance of us amateurs getting it right?

    Cryptography does make sense in very specific cases with very specific techniques. For example, HTTPS is a great invention, and you should definitely use it. Encrypting emails with GPG/PGP is also a very smart thing to do, as is full disk encryption.

    But all of those techniques have been designed by people who actually know this stuff. They've gone through many, many reviews and improvements, and they've survived in the real world for a long period of time. We can be pretty sure that they work for the very specific purpose they were made for.

    Now compare this to your own idea. You're not an expert (neither am I, by the way). It's unlikely that any expert will ever review this. The implementation has never been tested, because you're designing this from scratch. And as far as I can tell, there's not even a definition of what exactly this is supposed to do.

    Putting this all together, your chance of success is exactly zero. You'll end up with something that kinda sorta looks like cryptography. But in reality, it's just bogus.

    I'm not saying this to put you down. I understand the idea, and I've also played with cryptography a lot. But when it comes to real applications with real people involved, don't do it. This is not the right place for experiments. Instead of wasting your time with Rijndael-ECB-foobar, implement features that actually work. Have you set up HTTPS? Do you hash all passwords with bcrypt? etc.
    Last edited by Jacques1; January 30th, 2014 at 01:36 AM.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    0
    Well, no. The keys are not on the server at all.

    My system means each user's key is derrived from their password.
    Their password is not stored on the server. When they log in, the script decrypts a known peace of data from the database and then, if successfully decrypted logs in.

    Again, I don't know how secure this actually is, but even I (the person with access to the database) wouldn't be able to get peoples data, because their key is derived from their password, and their password is not stored anywhere on the server at all.

    (I'm sure you are a good guy, and you are just trying to protect us form bad security, but you seemed a bit hostile at first)
  20. #11
  21. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Why do you insist on using a method when it's not clear whether it does anything at all? I find this rather odd for such a critical decision.

    Why don't you use a proven solution which actually is secure? If you tell us what you're trying to do, I'm sure we can point you to an appropriate technique. What do you want to protect, and what kind of attack do you wanna protect it against?

    In any case, your idea does not work. The concept itself is already wrong, regardless of all the technical issues you'll encounter during implementation.

    If you wanna protect the individual data of each user, then managing all passwords/keys on a central server is pretty much the worst thing you could possibly do. Your server is now the single point of failure. If an attacker manages to break in, all users have a problem.

    The attacker may not be able to simply download all keys at once. But they can collect the plaintext passwords as they come in, derive the keys from them and finally decrypt the data. So no matter how many levels of indirection you create, the result is always the same: If somebody breaks into your server, the data is compromised -- you haven't gained anything compared to storing the plaintext data.

    Mixing encryption and authentication (validating the password through decryption) is also very problematic, to say the least. I'm not even sure if this particular approach is valid. There are much, much better ways of authenting a user. Use a password hashing algorithm like bcrypt.



    Originally Posted by Tilo15
    Their password is not stored on the server.
    It's not stored on the server, but it gets sent to the server over and over again. And your “known piece of data” allows an attacker to perform a brute-force attack on the password: They take a string, derive a key from it, decrypt the ciphertext and check if they get the right result. If they succeed, they now have the password and the key. Otherwise, they try again with a different string.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    0
    Okay, well. my system is simply for storing user data. It does no one spisific thing. the data is not sensitive but I still want to keep it private in a way that not even I could decrypt without their key or whatever.

    what would you reccomend, I only have the one server, so I cannot decentralise. also, at the moment https in not an option. as I said, the syste!m does not need to be the most we iure in the world, if it needed to be that secure I would have gotten https ages ago.

    what would you reccomend for login and storing of data? and what do I do about storing keys?

    EDIT:

    Also the website is more or less a test. there are only about 5 users and I know them all. Though at some point I would like to open it up for more people. before I do this I would like to fix the encryption and login. what would you reccomend?
  24. #13
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    0
    Originally Posted by Jacques1
    It's not stored on the server, but it gets sent to the server over and over again. And your “known piece of data” allows an attacker to perform a brute-force attack on the password: They take a string, derive a key from it, decrypt the ciphertext and check if they get the right result. If they succeed, they now have the password and the key. Otherwise, they try again with a different string.
    So, apart from bruit force, and the fact that passwords are not sent over https how sound is my method. Is there any way I could help fix my encryption without modifying my system too much?

    Would https fix the passwords being sent over plain text issue, and how could you prevent bruit force attacks? Even if you hashed the password using that function you pointed out before, a hacker could bruit force that as well!

    Would the user having a strong password to start with help against bruit force?

    Thank you for pointing this out to me, I never would have known otherwise.
  26. #14
  27. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Basic security for an average website requires at least the following:

    • HTTPS. This is a must. And since it's free and supported virtually everywhere, there's really no excuse for not using it.
    • Make sure the server is secure (file permissions, up-to-date software etc.).
    • Hash the user passwords with a strong algorithm like bcrypt. If you have PHP 5.5, bcrypt is natively supported. Otherwise, you can use a compatibility library.
    • Make sure the application itself is secure. This is where most mistakes happen. See The 6 worst sins of security for typical vulnerabilities.

    When those things are done, then you can worry about additional security measures.

    You said you want to keep the user data secure. In that case, the only option is to have the users themselves manage their keys and encrypt their data. Your server would merely act as a storage for ciphertext.

    Doing the encryption on the server turns the whole idea into a joke. The encryption would be nothing but a “promise not to peek”. Because in reality, you or anybody with access to the server may very well read the data. And this has happened many, many times in similar projects (a recent one being the “secure” email provider Lavabit).

    My suggestion would be to forget about encryption for now and spend your time with hardening the server and the application.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  28. #15
  29. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2014
    Posts
    6
    Rep Power
    0

    Exclamation


    okay, I will look over my application. I will not be able to provide https for now, but will get it going before I go public. With that bcryp system, couldn't a bruit force be done the same way as you mentioned earlier?

    I will look over your links later, I am busy right now and have to pop into town. thanks for all your help.
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo