Comments on: Hack the Password !!!

By: Ford

Ford — Mon, 18 Aug 2008 23:17:24 +0000

hi. I am a hacker. I can get you an aol,yahoo,myspace,facebook,gmail…etc password. I do charge a fee to get a password though. Once i do get password i’ll show you proof i have it. Are you interested? E-mail me at Fordf202006@yahoo.com

By: peeto

peeto — Fri, 23 May 2008 00:40:03 +0000

select u.user from table as u where u.password=sha1(concat(’access’, u.salt, ‘hackedglobalpattern’));

By: Babu Syed

Babu Syed — Wed, 19 Mar 2008 12:25:18 +0000

like the window showing the visitor’s location in map. how can i get it for my page?
BS at psbabusyed@gmail.com

By: Binny V A

Binny V A — Tue, 04 Mar 2008 09:25:06 +0000

Great! Thanks for clearing that up

By: Sajith M.R

Sajith M.R — Mon, 03 Mar 2008 19:06:56 +0000

Hi Binny,
$md5_password was a mistake happened while copy-pasting . I edited that in article now. And about the checking in login, see below.

The salt is created by random, but you have to save this salt in another filed into your database table (that i mentioned in this article). So when login check, what you have to do is:
1) Get the saved salt from database table. (Select salt from table where username = ‘Sanjay’);

2) Recreate the hash from user entered password . say $password

3) Calculate the hash digest from the former formula.
< ?php $hash_password = sha1($password . $salt . auth::GlobalPattern()); ?>

4) Get the saved hash say $saved_hash from table (Select password from table where user=’Sanjay’);

5) Compare both. $hash_password and $saved_hash

6) If both are equal login, else invalid password.

Thanks
Syth

By: Binny V A

Binny V A — Mon, 03 Mar 2008 15:15:13 +0000

Could you include the login code as well - I am not sure how to check the password with a random salt. You will need the same salt when you are authenticating.

And why are you naming the variable $md5_password? You are using sha1 - so it should be called $sha1_password.