Skip navigation.
Home
The PHP WTF
Home

Why use MD5 when you got MD4?

Submitted by phrax on Tue, 2004-10-05 14:56. Hall of Fame | Bad Architecture

Okay before we get deeper into this craziness I would like to remind people that MD5() has been available since php3. Plus MD5 is way more secure than MD4... so I introduce you to today's PHP WTF.

<?php
function getMd4Pwd($pwd) {
    $pwd = trim($pwd);
    if (strlen($pwd) &lt;= 0)
      return "";
    unset($arrOut);
    <em><strong>$strCmd = "/usr/local/bin/md4sum ".$pwd;</strong></em>
    exec($strCmd,$arrOut);
    return strtoupper($arrOut[0]);
  }
?>

But wait! It gets worse... not only are they not using md5(), they execute a shell script to get an MD4 hash! Really you can't make this stuff up...

And what is /usr/local/bin/md4sum you may ask? Well let me show you...

#!/usr/bin/perl -w
use Digest::MD4;
use Unicode::String qw( utf8 );
Unicode::String->stringify_as( "utf16" );
$u8 = utf8( shift );
print Digest::MD4->hexhash($u8->byteswap), "\n";

So we have a PHP script that calls a Perl script to generate an obsolete, insecure MD4 hash. Not only that but Perl doesn't even have MD4 by default, you have explicitly install it. Um...WTF?!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Submitted by Mark IJbema (not verified) on Tue, 2004-10-12 13:06.
This can very well be backwards compatibility with a database scheme which is already in use. If you already have passwords encoded in md4 you can't convert them to md5.
» reply

Submitted by Anonymous on Tue, 2004-10-12 15:25.
That could be... but I highly doubt it. Since the database was built for the Intranet. Only the original developer truely knows....
» reply

Submitted by Forever Geek (not verified) on Thu, 2004-10-14 20:17.
WTF Inducing PHP Code
You may have heard of The Daily WTF where bad code across all languages is flogged on a near daily basis. Now, someone has started a similar site focusing specifically on bad PHP code snippets. It's relatively new, and...
» reply

Submitted by Ben Ramsey (not verified) on Wed, 2004-10-13 05:39.
I'm not sure what the app is for, but my guess is that it was originally a Perl application running on the Web/Intranet, and they decided in the last year or two to move to PHP. In the Perl app, they used MD4 hashes, and that could've worked for them for years (say, since the mid 90s), so they needed to stay with MD4, as Mark suggested. Since PHP doesn't have a built-in MD4 command, it was easier to just keep their original Perl script that, though incredibly simple, saved them a great deal of time.

I'm not sure if this deserves a WTF? Maybe it just deserves a "huh?"
» reply

Submitted by Aaron Wormus (not verified) on Wed, 2004-10-13 05:49.
If you have 50,000 people using a legacy system which uses MD4 passwords, and you want to upgrade to PHP, exactly what would you do? Tell everyone to change their password?

This is certainly a WTF, but the WTF factor is not in the fact that they need to generate MD4 hashes, but the fact that they do no checking of $pwd. What would happen if someone decided to have a password of "| rm -r /"
» reply

Submitted by Henri Cook (not verified) on Thu, 2004-10-14 08:51.
People still use md* hashes? Sha1 is the way forward!

This definitely deserves a W.T.F unless it was being adapted for wehatesecurity.com!
» reply

Submitted by skwash (not verified) on Fri, 2004-10-15 10:03.
Even if it's a legacy system, would it be so hard to migrate on an active system?

Add a column for MD5 passwords to the database, when the user logs in, check to see if an MD5 pass exists, if there is none generate an MD4 and an MD5 from the password supplied by the user, check to see if the MD4 matches, and add the MD5 to the database. If there is an MD5 pass, generate the MD5 from the pass and check for a match. Walla! Am I flawed in my thinking? Depending on how often users log in (didn't someone say this was for an intranet?) you could have "secure" passwords within a few days.
» reply

Submitted by JC (not verified) on Fri, 2004-10-15 11:23.
skwash, that'd probably work... and eventually you could then wipe the MD4 stuff from the system.

Probably don't really need to, though. On an intranet, the primary reason to encrypt a password is just to keep it from being easy to read by people with database access... don't have to worry too much about outside attacks.

Btw it's voila, not "walla"
(well, actually, it's voil�, but accent marks are hard to type on US keyboards so no one bothers)

» reply

Submitted by foxyshadis (not verified) on Sun, 2004-10-17 03:03.
MD4 came out in 1990. MD5 came out in 1991. The chances of an internal application having run since 1990 are not nonexistent, but exceedingly slim, which means whomever built the original probably yahoo'd for a secure way to do it and picked the first one, and whomever ported it to php couldn't figure out how to do it there and just kept the legacy chunk.

Not to mention everyone seems to have forgotten that md4 is supported in PHP via the mhash library. (The PHP.net docs are out of date, however.)

skwash had an awesome way to transparently change a working database to a new standard. I feel bad that I didn't and probably wouldn't have thought of it, for this case.
» reply

Post new comment




*

  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <p> <br>
  • Web and e-mail addresses are automatically converted into links.
More information about formatting options