MD5 Hash

Hello again, it's been a while..
I quit Minecraft then I kinda came back for like all of a few days on my friend's server and I needed some security for my computer so nobody messes it up..
I found this quite useful, you can use it how you would like..

I wanted to hide my password from the people on the server so I figured I'd use md5 in order to hide it.
I made a website to convert my queries into md5 and echo the output.

Example: http://pastebin.com/diMwJXuy

How it works is you request a query to the website using 'cn' as the GET request.
So, as in the example, I have the computer make a request using the convert link, the website outputs the query in Md5 and if check it with the password.

The way you can use it is going on to a website and converting your desired password into MD5 (or using mine) then create a variable on the computer called password with the md5 hash encrypted password as the string.

local convertlink = "http://md5hash.netne.net/md5.php?cn="
local pwd = '098f6bcd4621d373cade4e832627b4f6'

Then do the normal input = read("*") stuff, and create another variable for the link.

local input = read("*")
local s = http.get(convertlink .. input).readLine()

That will read the md5 result from the website and set it to s..
Then do the normal "checking if password is correct"

if (s == pwd) then
    print("Access granted.")
end

And that's it.

You can use the website for anything other than that too.. it doesn't just have to be password programs, but I can't imagine there would be any other reason..
Just remember: convertlink is "http://md5hash.netne.net/md5.php?cn=<your_request_here>"

It's not very secure(passwords and their hashes could be stored in a huge database,like this one),you'll need to salt it if you're really worried about security(it still use plain SHA-256 in my OS,BTW).

MD5 in insecure. Consider using SHA256+salt. Also, you made a website to convert the password the user types in to MD5. Worse yet, the password is sent with the URL. This means that anyone with access to

1. The Minecraft server
2. The Minecraft server's local network
3. A server between the Minecraft server and your website
4. Your website

could read your password in the end of the URL. If you ever need MD5 in Computercraft (hint: you don't), find someone who has ported MD5 to Lua, and use their code. But you don't even need that. Just use SHA256 (like here), and a salt.

randomdude999, on 10 January 2016 - 02:33 PM said:

If you ever need MD5 in Computercraft (hint: you don't), find someone who has ported MD5 to Lua, and use their code. But you don't even need that. Just use SHA256 (like here), and a salt.

I want to note that hashes can be used for more things than passwords, like file validation.

I also want to note that the computing power of the Computercraft computers is not enough to crack any hash.
Also, Make a passphrase because not every word/phrase is cracked in md5 yet, you just have to find the one that isn't.
Using my website, your MD5 converted query will not be stored to any database.

randomdude999, on 10 January 2016 - 02:33 PM said:

MD5 in insecure. Consider using SHA256+salt. Also, you made a website to convert the password the user types in to MD5. Worse yet, the password is sent with the URL. This means that anyone with access to

1. The Minecraft server
2. The Minecraft server's local network
3. A server between the Minecraft server and your website
4. Your website

could read your password in the end of the URL. If you ever need MD5 in Computercraft (hint: you don't), find someone who has ported MD5 to Lua, and use their code. But you don't even need that. Just use SHA256 (like here), and a salt.

I would actually like someone to make this.

Noodle, on 10 January 2016 - 09:32 PM said:

I also want to note that the computing power of the Computercraft computers is not enough to crack any hash.

Not that I think it matters (as legoman points out, hashes are good for more than security), but:

1) Computercraft systems could certainly be rigged to reverse them to the extent that any other system can be. Granted it's not the most efficient way to go about it, but still.

2) Just because the hashes were generated within Computercraft, that doesn't mean that they'd also need to be reversed using Computercraft.

I think you're pretty safe using MD5. Nobody's going to waste a bunch of time reversing a hash for access to your Minecraft base which may be protected by a server plugin anyways.

3d6, on 10 January 2016 - 11:32 PM said:

I think you're pretty safe using MD5. Nobody's going to waste a bunch of time reversing a hash for access to your Minecraft base which may be protected by a server plugin anyways.

It doesn't even take much time. There are online databases with MD5 rainbow tables. One Google search is all it takes.

You still can use salts with md5, and it will thwart most of Google seaches.
The reason md5 has become so weak is because of how optimized md5 cracking has become, topping to around 180 billions iterations with the known biggest homemade GPU cluster.