  Galaxy Graphics Limited

Technical Information

What is MD5 encryption and why is it useful to me?

MD5 is a one-way hashing algorithm, often loosely called one-way encryption. This means data can be turned into a hash, but the hash can never be turned back into the original data. You may wonder what use something is that cannot be reversed, but imagine the following situation:

1) I send your server 3 pieces of information, such as a name, an email and a score. These are sent as name=bob, email=bob@bobcom.com and score=12345. It's clear to the messenger what these pieces of information are, and they could be tampered with by the messenger (which, in the web world, is the HTTP header and/or querystring and/or packets used to send the data from the user's browser to the webserver script).

2) So, I send your server 4 pieces of information: the 3 above as before, along with a fourth. The fourth is the 3 added together, along with a secret string, and then this name+email+score+secretstring is run through an MD5 algorithm. The result might look something like this: c78604c9661e7f77f1db0e738f459ea3. This is an MD5 hash.

3) When you get the four pieces of information, your PHP/ASP code takes the original 3 and because you also know the secret string and the formula for construction, you're able to construct your own name+email+score+secretstring and create an MD5 hash from that.

4) From this you have both your newly calculated MD5 hash and the original MD5 hash that was sent with the data.

5) By comparing your MD5 hash to the original sent hash, you'll know if the clearly read data (the first 3 items) has been tampered with in any way, and you can therefore reject the data as invalid.

6) Because the messenger never knows the formula for calculating the MD5 hash or the secret string, the MD5 hash cannot be tampered with in a way that will match the newly constructed MD5 hash.

7) Use of the MD5 checksum is optional but if you value the validity of the data being sent to your server (like for example, you're offering a prize), then it is strongly recommended you implement this.

In PHP, this would be something like the following lines:-

NOTE: The code below is only part of a script. It assumes you've already picked up the variables from the querystring and named them as $_name, $_email etc.

$_concat = $_name.$_email.$_score.$secretstring; // Constructs a new string
$_mymd5 = md5($_concat); // Turns this into an MD5 hash
// hash_equals() compares the two hashes as strings; == can treat two different "0e..." hashes as equal numbers
if (hash_equals($_mymd5, $_originalMD5)) { // Compares the new MD5 hash with the sent MD5 hash
    // then data is valid
    // proceed
} else {
    // the data is invalid, so reject this
}
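
The whole exchange from steps 1 to 6, with both the sending and the receiving side, as an added example that is not Galaxy Graphics' own code. The secret, the request values and the function names are constructed for illustration, and sign_fields_hmac is a hypothetical hardened variant (HMAC-SHA256 over length-prefixed fields) that goes beyond the formula described on this page.

```php
<?php
// Added example; all values are constructed and $secret is a placeholder.
$secret = 'example-secret-string';

// Sender side (step 2): MD5 of name+email+score+secretstring.
function sign_fields(string $name, string $email, string $score, string $secret): string {
    return md5($name . $email . $score . $secret);
}

// Receiver side (steps 3 to 5): rebuild the hash and compare it as a string.
function verify_fields(array $q, string $secret): bool {
    foreach (['name', 'email', 'score', 'md5'] as $key) {
        if (!isset($q[$key]) || !is_string($q[$key])) {
            return false; // missing or array-valued parameter: reject
        }
    }
    $expected = sign_fields($q['name'], $q['email'], $q['score'], $secret);
    return hash_equals($expected, $q['md5']);
}

// Hardened variant (an assumption, not the page's formula): HMAC-SHA256 over
// length-prefixed fields, so the field boundaries are part of the signed data.
function sign_fields_hmac(string $name, string $email, string $score, string $secret): string {
    $msg = '';
    foreach ([$name, $email, $score] as $field) {
        $msg .= strlen($field) . ':' . $field;
    }
    return hash_hmac('sha256', $msg, $secret);
}

// Constructed request, built the way the sender would build it.
$query = ['name' => 'bob', 'email' => 'bob@bobcom.com', 'score' => '12345'];
$query['md5'] = sign_fields($query['name'], $query['email'], $query['score'], $secret);
var_dump(verify_fields($query, $secret));

// Same request with the score changed in transit: the recomputed hash differs.
$tampered = $query;
$tampered['score'] = '99999';
var_dump(verify_fields($tampered, $secret));

// Plain concatenation does not record where one field ends and the next
// begins; the length-prefixed HMAC input does, so these two results differ.
var_dump(sign_fields('bob', 'a@b.com', '12345', $secret) === sign_fields('bob', 'a@b.com1', '2345', $secret));
var_dump(sign_fields_hmac('bob', 'a@b.com', '12345', $secret) === sign_fields_hmac('bob', 'a@b.com1', '2345', $secret));
```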

 
Site content Copyright © 2001-2014 Galaxy Graphics Limited.