Forums Scripts & Popups $encode and $decode

any way to reverse what these return?

I'm unsure what you mean by that.

yea what's the point

lol don't ya ever read mirc.hlp ?

//echo -a $encode(test) returns: $=&5S=```
how do i get: $=&5S=``` back to test?

btw i know this can be used for writing harmful files, but i need it for password protection.

Try using $encode(text,m) and $decode(text,m), it seems to actually work better.

ah, thanks

Scripting 101: when a string begins with % or $ or contains commas or any number of other metacharacters, you must store the string in a %variable if you wish to pass it to an $identifier.

var %s = $encode(text)
echo -a $decode(%s)

- Raccoon

If you wanna make sure your passwords don't get cracked opr anything, use $md5. It can't be decrypted, but that's not needed. Just storew the $md5 encrypted version, and when someone sends a password, compare $md5(what-he-sent) to the stored encrypted version.

Agreed. But we're not talking about passwords here.

$encode and $decode have legitimate purposes. Never the less, $md5 also requires you to pass the string in a %variable if it contains meta-characters.

pheonix wanted to know why uuencoded $=&5S=``` wouldn't $decode back to 'test', and that is because it began with $.

im using that already, i just thought i would make it more secure: im using a .dat file, but to $read/.write to the file, im using: $decode(stuffhere)(stuffhere will be the encoded filename).

Er, what exactly would you use $md5 for? and what do you mean CANT be cracked?

besides, im sure some sad person has made a dll or script: $unmd5(something)

general advice: don't post unless you know what you're talking about.

heh, since when didnt i know what i was talking about?

erm, what do you mean "we're not talking about passwords here" ? He literally said:
btw i know this can be used for writing harmful files, but i need it for password protection.

As for md5: last I heard the md5 encryption cannot be reversed. That doesn't mean it cannot be cracked, you'll just have to guess by md5'ing stuff and seeing if it comes up with the right encrypted format.

i might as well post the script here because you would have to add every word in every language to crack all passwords.

alias newmd5 {
if (!$read(unmd5.txt,s,$1)) {
.write unmd5.txt $1
.write unmd5.txt $md5($1)
}
}
alias unmd5 {
return $iif($read(unmd5.txt,s,$1),$read(unmd5.txt,$calc($readn + 1)),$1 couldnt be found.)
}

Since you opened your mouth about $unmd5().

Only post about things you know about, unless asking a question. Since MD5 cannot be reversed, your assumption that somebody probably already has makes you look very foolish indeed.

MD5 (and CRC) are simply a hashes (fingerprints) of a string, using complex math and pre-defined 128 bit values for each of the 256 ASCII characters. Like a real fingerprint, it doesn't contain real information about the person (eg: height, gender, hair color, etc)... but you can tell if you have the right person by looking at their finger and comparing their fingerprint.

Because there are an infinite number of possible words/phrases/novels of information that can be fingerprinted with $md5, it would be impossible to guess (decode) the actuall string passed.

- Raccoon

Highly Improbable but not impossible, anyways i was trying to make a password thingo before where can i get md5?

mIRC has a built in function, $md5(%string)

Btw, when I say impossible, I mean impossible. Because there are an infinite number of possible strings you can encode, that means any given hash (fingerprint) matches an infinite number of strings.

(from an earlier post) MD5 produces a 128 bit (16 byte) hash based off a similar but different technique as CRC uses. The accuracy of an MD5 is a whopping 1 in 340282366920938463463374607431768211456 (that's 340 undecillion). Even if you succeeded finding a single match, you can't be absolutly certain it is the correct match.

md5 rocks!

Just don't add the code pehonix suggested. It complete obliterates the functionality of $md5, and there is no reason to create a file of encrypted/unencrypted combos. Not unless you have malicious intent anyway.

i dont use that, nor intend for anyone to use it..
i was just showing you it ISNT impossible to crack: it would just take about 3 years to add: every possible character combo in every font

Your code still doesn't decrypt or reverse the encryption or crack it, it just stores values. If you are given an encrypted password your code can't do jack with it. A real decrypting algorithm could, but those do not exist.

It took the Distributed.net RC5 Challenge 5 years to crack, and RC5 was only 48 bit, no? RC5 is also fully reversable encryption, that is its purpose.

With MD5, it would take the effort of all the computers on the internet working tirelessly together, about 400 years to produce the original string... and even then there would still be some question.

- Raccoon

I'd say you're both right. There is no way to "crack" an MD5, but there are ways to "weaken" it to the point where it doesn't take "too long" to figure out the original value. There are a bunch of attacks that people have developed against MD5 that allow you to weaken it somewhat. However, the reason you can't crack it is, it is possible that 2 different values will produce the same MD5 hash. Thats just because you have an infinite number of input strings and a fixed number of output strings. But, since MD5 is used for passwords, not encryption in its truest sense, thats all you need. Just to provide a fake example,
$md5(asdf) = 123
$md5(hjkl) = 123

If the "real password" is asdf, the user types asdf and gets access. However if you, using some techniques, have found a way to "reverse" MD5, and you get "hjkl" as a result, it doesn't matter that you have a different "password" because the one you have works just as good as asdf since
$md5(%the_inputted_password) == $md5(asdf)
Even when %the_inputted_password = hjkl.

So you can't necessarily get the original text back, but you can get a value that is just as good as the original text. If you want to see weaknesses in MD5, you can search Google for "Birthday attack." That attack still doesn't necessarily make it feasible. Using brute force against MD5 would take billions of years (if not more), with the birthday attack it takes about 500 thousand years. Then there are more advanced attacks such as differential cryptanalysis (also known as the T attack). That has been used to successfully cause collisions in MD5 in many instances. The thing is though, your average Joe doesn't have the computer and mathematical know-how to figure out a T attack, the math involved in it is extremely complex, so thats more along the lines of the CIA/NSA type of thing rather than the guy down the street. To sum it up, very few cryptographers will say MD5 is secure (remember, it's ancestor MD4 was cracked after a while, and research shows that the MD4 attacks, with some modifications, could break MD5 as well), therefore the new breed of hashes have come out. For example SHA-1 which uses a 160 bit hash has no known weaknesses, nor does RIPEMD-160 which also uses a 160 bit hash. I personally would like to see either a $sha or $ripemd in mIRC, but seeing as how it took so long for $md5 to be added, I doubt that will happen any time soon.

Just one thing a bit sidetracking here, but didn't I read a while ago that the US government declared all encryptions of 32 bit to be national security issues and therefor not to be exported outside the US? Not that mIRC would necessarily have to adhere to that since it's not a US-built program, but still...

Well, if I remember it was 60bits, not 32, but what I was suggesting is not that mIRC add sha1.cpp into mIRC, Windows already has an SHA1 function. All I'm saying is mIRC should just use Microsoft's CryptoAPI to add support for SHA1, then there are no export restrictions to worry about because it is then MS's job to worry about that, not mIRC. Also the US does allow exporting of strong crypto, you just have to go through a bunch of stuff to get your program approved by the government. Thats mainly to make sure, for example, that someone doesn't make a program that uses strong crypto for a detonator for a bomb or something else that would potentially cause more problems than good.

Heh, and the odds of someone turning in their bomb detonator for certification is next to nil. It's kinda like the whole "war against handguns". Make them illegal to law abiding citizens so criminals have an added advantage.

Let's not go there shall we. Like it's a coincedence the US has the most murders of any western country.