>> Table of Contents >> Article


In order to increase the security of passwords it is reasonable to encrypt these. One-way encryption algorithms [ I ] are well suited for this. In this section two of the most important representatives are explained. In PHP they are implemented by the functions "md5()" and/or "crypt()".


The DES-procedure [ II ] was for many years the standard encryption algorithm in the US. With the increasing power of available hardware on the market, the simple DES-algorithm is no longer safe. The multi-encryption variant "Triple-DES" may be considered a more safe modification. As follow-up algorithm for DES the US-american National Institute of Standards selected the so-called RIJNDAEL algorithm AES [ III ].

DES works on the binary representation of the input text. It produces an initial permutation of this binary notation. Subsequently, a block cipher is used for encryption. The DES-algorithm is a Feistel cipher. Feistel ciphers do apply an internal block cipher multiple times on parts of the message, to create a number of round keys.

For the safety of Feistel ciphers, the safety of the used internal block cipher is of crucial importance. Currently DES may be considered safe enough for most of your everyday-applications and the algorithm is still used in many environments. For example DES is used on Unix systems for the authentication of users.


The MD5-algorithm [IV] is a hashing algorithm. Important for the security of a hash process is the property of the collision freedom. A collision is when two different clear texts produce the same cipher text. If a collision is found, it is possible to calculate the plaintext with the help of appropriate procedures. It is known, that MD 5 is not free of collisions. However, it is unknown whether there any compression functions, which have no collisions. Therefore, it is acceptable in practice, if it is sufficiently difficult to find a collision. Such procedures are considered "collision resistent". Equally important is the speed of the algorithm because the encryption itself should be - in order to be suitable for authentication - most efficient.

Name of procedure Block length in bits Speed percent
MD4 128 100
MD5 128 68
RIPEMD-128 128 39
RIPEMD-160 160 24

Comparing the performance of different authentication procedures

The security of MD5 is now, however, in doubt [V]. The Heise Verlag first reported in early 2005 that researchers apparently succeeded in creating a faster procedure for the calculation of MD5 hashes [VI] to find collisions. A short time later, the message appeared that it has been able to create different certificates with the same MD5 hash [VII]. Only slightly more than half a year [VIII] a company offered a paid service, to reverse MD5 and SHA1 hashes by using pre-calculated tables, as long as the fee is right. It is therefore only a matter of time before MD5 won't provide enough security for sensitive applications anymore.

Also the safer algorithm SHA-1 [IX], with a bit length of 160-bit as opposed to MD5 with 128-bit, is already broken. As reported by Schneier [X], a group of Chinese cryptologists (Xiaoyun Wang, Yiqun Lisa Yin, Hongbo Yu), from the Shandong University succeeded in finding a collision in SHA-0 and SHA-1. For SHA-0 within 2 39 steps of operation, for SHA-1 it was 2 69 steps. This is much faster than the brute-force approach, with about 2 80 required steps of operation.

The framework also uses MD5 to encrypt passwords. In addition, SHA-1 is used to generate unique session IDs. A change of password encryption from MD5 to SHA-1 will be considered in due time.

for further reading

  1. Prof. Dr. Buchmann, J.: Einführung in die Kryptographie, 2nd edition. Springer-Verlag, 2001, pages 167 ff., 200 ff.
  2. FIPS PUB 197 - ADVANCED ENCRYPTION STANDARD. U.S. DEPARTMENT OF COMMERCE; National Institute of Standards and Technology, 26.11.2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  3. FIPS PUB 46-3 - DATA ENCRYPTION STANDARD. U.S. DEPARTMENT OF COMMERCE; National Institute of Standards and Technology, 25.10.1999 http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
  4. Rivest, R.: RFC 1321 - The MD5 Message-Digest Algorithm. MIT Laboratory for Computer Science / RSA Data Security Inc.,1992 http://www.faqs.org/rfcs/rfc1321.html
  5. Kaminsky, D.: MD5 To Be Considered Harmful Someday. http://www.doxpara.com/md5_someday.pdf
  6. Forscher erzeugen unterschiedliche X.509-Zertifikate mit gleichem MD5-Hash. Heise-Verlag, 03.03.2005 http://www.heise.de/newsticker/meldung/57038
  7. Verunsicherung um Sicherheit von Kryptoalgorithmen. Heise-Verlag, 18.08.2004 http://www.heise.de/security/news/meldung/50148
  8. Passwort-Cracker als Bezahldienst. Heise-Verlag, 11.11.2005 http://www.heise.de/security/news/meldung/66039
  9. FIPS PUB 180-1 - SECURE HASH STANDARD. U.S. DEPARTMENT OF COMMERCE; National Institute of Standards and Technology, 17.04.1995 http://www.itl.nist.gov/fipspubs/fip180-1.htm
  10. Schneier, Bruce: SHA-1 Broken. Weblog, 15.02.2005 http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Author: Thomas Meyer, www.yanaframework.net