Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0

    How to combine sha-1 and md5


    Anyone can teach me how to combine sha-1 and md5..I need to know how to implement it in a network for data transfer..
  2. #2
  3. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,413
    Rep Power
    1871
    How do you want to combine them?

    The first thing is that they both perform the same basic task, which is to create a secure(*) hash of some kind of message.
    Read this

    (*) Note that both MD5 and SHA1 are no longer considered secure.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    Salem can u teach me how to combine it...if that way is not secure what is the best way to protect the data in the network
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    salem can you teach me how to combine it because this is one of my university project..if u dont know how to combine it do you know how to create our own ecryption program..
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,477
    Rep Power
    1752
    To 'combine' the two you would just use the output of one function as the input for another:

    Code:
    function_1(function_2(TheText))
    But the main question is why? As salem said, they do the same thing. It'd be a bit like taking an English phrase and translating it into Spanish and then translating the Spanish version into Russian (except translation is reversible!)
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    thanks, but im need to know what the tool to combine it using what ??
  12. #7
  13. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,413
    Rep Power
    1871
    > if that way is not secure what is the best way to protect the data in the network
    MD5 / SHA1 (and other hash algorithms) do NOT protect the data.

    They provide authentication. That is, they 'prove' that the message being sent is the message being received (it hasn't been tampered with). It doesn't stop anyone else from reading the message (you need encryption to prevent it being read).

    Eg.
    Code:
    $ echo "Attack at dawn" | md5sum
    36d1a51217cd34fc04f56cc49139c759  -
    $ echo "Attack at dusk" | md5sum
    317732a9efb79440a738d6d54b9f5df8  -
    As you can see, a small change in the message results in a large change in the hash.

    The sender and receiver would communicate via some other channel the details of the hash.

    The point of a secure hash is that it is infeasible to create a different message designed to deceive the recipient, which has the same hash as the original message.

    Let me say it again, authentication is NOT encryption.
    Code:
    8aa3b46a398db49e0cecfbab1c7d9742  IMG_0132.JPG
    c860d6c09bb2bf9469e2afede0842c5b  IMG_0133.JPG
    dfa64883e1d87433a0d37c9cd6923808  IMG_0134.JPG
    315998a40c5538bb6d3ddd97b5815e0d  IMG_0141.JPG
    It doesn't matter how big the message is, the hash is always the same length. There is no way to reverse a hash to get the original message (there are in fact an infinite number of messages that could result in any given hash).
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    to be honest, I'm a bit worried about where you're going, especially if this is for a “university project”.

    For some strange reason, you've chosen two long-obsolete hash algorithms. For some other strange reason, you've decided to somehow “combine” them. And at the same time, you don't seem to have any clue about what you're doing.

    That's not exactly the best starting point for a new security protocol.

    What are you trying to do? That's always the first step. You don't randomly choose a technique and then see how you can use it. Also, what does your university expect from you? Designing some new protocol requires a deep understanding of cryptography, and you don't seem to have that.



    Originally Posted by salem
    They [SHA-1 and MD5] provide authentication.
    No. They provide integrity if combined with authentication. A hash alone doesn't provide anything whatsoever. You may confuse it with a MAC.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    [QUOTE=salem]> if that way is not secure what is the best way to protect the data in the network
    MD5 / SHA1 (and other hash algorithms) do NOT protect the data.


    salem..thanks for the explanation..if the hashing is not suitable for data encryption..can you teach me how to make a simple own encryption program..my project is to secure the data transfer such as file.
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    sory for my lack of knowledge about cryptography..im still learning it..i need someone who can guide me to make a ecryption program for a data like file..can you help me?..
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,477
    Rep Power
    1752
    What do you actually need to do? At what level?
    In my day there was a 7 layer model to the 'network', with the Application (such as a web browser) at highest level and Physical (I think) (which would be the actual 'bits' across the wire or airwaves) at the lowest level.
    If you wish to add encryption of the traffic you are going to need two, corresponding, entities, one at server one at client, that both 'talk the same language. If memory serves the second highest level of the model is 'Presentation' and it is at that level that encryption would usually be done - so the server would, at some point have your encryption process work on the data to be sent, which would head across the network to the client and trickle up the network 'stack', finally the various packets of data would get to what would equate to the Presentation layer which would recognise your encryption mechanism, do the the decrpyt and 'hand off' the clear text to the Presentation layer.
    In real life this would be like a client/server process where the client asks for data which the server returns, in encrypted form. The client program would then decrypt that and do whatever wa sneeded: show it to the user or save in a specified place.
    Having said that, someone, somewhere, I am sure, has already looked at doing such a thing ...
    You probably don't want to have to mess about with re-inventing all of the wheel, but you may want to look at using an existing encryption method (search engines can be your friend here) to pass the data. It has to be encryption (and NOT hashing) if you want the client to have a chance of seeing the clear text version of what the server has sent.
    In brief: server takes some data, encrypts it and sends it across to the client. Client takes data and decrypts and saves it.
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    Soo I need to follow your instruction??can u explain more to me
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2006
    Posts
    2,477
    Rep Power
    1752
    They were not instructions - they were a mention and a brief comment about the OSI 7 layer view of 'the network' to give you an idea of what and where (and maybe even why?) you would need to do whatever it is need to do.
    I, personally, am rubbish with the nuts and bolts of networking and of security. If this is you implementing this concept then YOU need to not oly kow what you have done but understand why and what is going on (even if it's a reasonably high-level understanding). Just 'throwing' things at it hoping something will stick is generally not a good idea (doubly so when involving security), nor is just layering stuff on top of one another.
    We (and by 'we' I mean someone who actauuly knows of what they write!) could show you what to do, but that'd be a bad idea. It is best if you are guided to a solution, so you understand what has been doen because it is likely that given a month or two there'll be a problem or someone will have a question and you'll need to be able to know what is going on to deal with those situations.

    There are some fundamental concepts which seem to be passing you by ... to have encrypted data sent over the network something has to encrpyt it before sending (usually that'll be a 'server' of some form). In addition it has to be decrypted at the other end (which usually be a 'client' of some sort). Both server and client will have to know that encrypted data is being sent and what encryption mechanism was used.

    So far all we know is that you need to encrypt data transfer across a network. It is a bit scary that this is a university project as I would have hoped you would seem to have more of a clue of what was going and what was needed. Is this a case of encrypting all network traffic (I hope not!), just some data content, or the sending of discrete files in an encrypted form?
    The moon on the one hand, the dawn on the other:
    The moon is my sister, the dawn is my brother.
    The moon on my left and the dawn on my right.
    My brother, good morning: my sister, good night.
    -- Hilaire Belloc
  26. #14
  27. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by SimonJM
    It is a bit scary that this is a university project as I would have hoped you would seem to have more of a clue of what was going and what was needed.
    I think that sums it up.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  28. #15
  29. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2014
    Posts
    9
    Rep Power
    0
    Solo I need to encrypt the data in the server not the network traffic..my university project ask me to make a basic or own basic encryption algorithm or sofrware..any one can help me with this..because I don't know to encryp data..using my own encryption program
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo