13 Replies Latest reply on Oct 8, 2008 9:30 AM by Xposure Interactive

    MD5

    Xposure Interactive Level 1
      I am looking for MD5 encryption in dir11.

      I have a training application which will then need the details of the user to be uploaded to an online database. I want the application to encrypt the users details which will be decrypted by the webform to validate that they have passed the training. My php developer says the easiest way to do this is with MD5. I therefore need to encrypt their details with MD5 in the application.

      Thanks for your help.
        • 1. Re: MD5
          Level 7
          Xposure Interactive wrote:
          > I am looking for MD5 encryption in dir11.

          MD5 is not encryption, it's a hashing algorithm. You give it a file and it
          gives you back a 128-bit number.

          > I have a training application which will then need the details of the
          > user to be uploaded to an online database. I want the application to
          > encrypt the users details which will be decrypted by the webform to
          > validate that they have passed the training. My php developer says
          > the easiest way to do this is with MD5. I therefore need to encrypt
          > their details with MD5 in the application.

          A Lingo implementation of the Blowfish ciper:

          http://www.killingmoon.com/director/lingofish/

          Andrew


          • 2. Re: MD5
            Level 7
            > A Lingo implementation of the Blowfish ciper:
            > http://www.killingmoon.com/director/lingofish/

            Unless it's been updated recently, chances are that lingofish won't work
            with dir11.


            "Andrew Morton" <akm@in-press.co.uk.invalid> wrote in message
            news:gc2iak$1fc$1@forums.macromedia.com...
            > Xposure Interactive wrote:
            >> I am looking for MD5 encryption in dir11.
            >
            > MD5 is not encryption, it's a hashing algorithm. You give it a file and it
            > gives you back a 128-bit number.
            >
            >> I have a training application which will then need the details of the
            >> user to be uploaded to an online database. I want the application to
            >> encrypt the users details which will be decrypted by the webform to
            >> validate that they have passed the training. My php developer says
            >> the easiest way to do this is with MD5. I therefore need to encrypt
            >> their details with MD5 in the application.
            >
            > A Lingo implementation of the Blowfish ciper:
            >
            > http://www.killingmoon.com/director/lingofish/
            >
            > Andrew
            >
            • 3. Re: MD5
              Chunick Level 3
              Here's a link to the MD5 checksum hash I posted written in Javascript for a registration key scheme... you'll have to scroll to the appropriate post. Because it's implemented in Javascript it should work in D11 - but I don't own D11 so you'll have to verify that. Just set the script language to Javascript on a moviescript member and past the code from the link:
              http://director-online.com/forums/read.php?2,22279,22303#msg-22303
              • 4. MD5
                Xposure Interactive Level 1
                quote:

                Here's a link to the MD5 checksum hash I posted written in Javascript for a registration key scheme... you'll have to scroll to the appropriate post. Because it's implemented in Javascript it should work in D11 - but I don't own D11 so you'll have to verify that. Just set the script language to Javascript on a moviescript member and past the code from the link:


                Thanks for your help. I think i'm getting there slowly!

                I have used the following code (simplified) to encrypt the string using the key "Duncan" (I hope).

                on mouseUp
                toEncrypt = member("theText").text
                encryption = hex_hmac_md5("Duncan", toEncrypt)
                alert "" & encryption
                member("theText").text = encryption
                end

                How do I decrypt this to make sure i've got it right?

                Sorry if i'm trying your patience but i'm a bit of part timer when it comes to programming.
                • 5. Re: MD5
                  Level 7
                  As Andrew wrote yesterday, md5 is not an encryption, but a hashing
                  algorithm. http://en.wikipedia.org/wiki/MD5
                  MD5 is used mostly to create fingerprints, and can be used as 'encryption'
                  algorithm in terms that the hashed value generated by one side must match
                  the one on the other side. You can't restore the original data.
                  Haven't tested the javascript method mentioned, but if it returns an
                  integer, then you can forget about it.
                  Imagine a multi megabyte file compressed in an 32bit, or even 128 bit value?

                  "Xposure Interactive" <webforumsuser@macromedia.com> wrote in message
                  news:gc5dc6$rpc$1@forums.macromedia.com...
                  >
                  quote:

                  Here's a link to the MD5 checksum hash I posted written in Javascript
                  > for a
                  > registration key scheme... you'll have to scroll to the appropriate post.
                  > Because it's implemented in Javascript it should work in D11 - but I don't
                  > own
                  > D11 so you'll have to verify that. Just set the script language to
                  > Javascript
                  > on a moviescript member and past the code from the link:

                  >
                  > Thanks for your help. I think i'm getting there slowly!
                  >
                  > I have used the following code (simplified) to encrypt the string using
                  > the
                  > key "duncan" (I hope).
                  >
                  > on mouseUp
                  > toEncrypt = member("theText").text
                  > encryption = hex_hmac_md5("Duncan", toEncrypt)
                  > alert "" & encryption
                  > member("theText").text = encryption
                  > end
                  >
                  > How do I decrypt this to make sure i've got it right?
                  >
                  > Sorry if i'm trying your patience but i'm a bit of part timer when it
                  > comes to
                  > programming.
                  >
                  • 6. MD5
                    Xposure Interactive Level 1
                    I'm assuming I also won't be able to 'decrypt' a string encypted with the javascript implementation of SHA-1 for the same reasons?

                    re: Blow Fish; lingoFish seems to work fine for me but the encryption is not practical for my needs. For example I can't ask the reseller to type 'ô{Éòƒ5ÚÃɉ¥îv¼ä' into the php web form.
                    • 7. Re: MD5
                      Level 7
                      Xposure Interactive wrote:
                      > I'm assuming I also won't be able to 'decrypt' a string encypted with the javascript implementation of SHA-1 for the same reasons?
                      Yep.
                      Perhaps you should consider using a simple xor encryption algorithm.
                      Weak, but fast and easy to implement - in both sides.
                      • 8. Re: MD5
                        Applied CD Level 1
                        A while ago I wrote a matched set of Lingo/ASP scripts that allowed a Director app to query a remote DB and retrieve the results as a nested set of lists using RC4 encryption in both directions. This was the general idea:

                        Director/Lingo: Build SQL Query String -> RC4 encrypt (using local key) -> Hex encode -> send string to ASP server
                        ASP/Server: Get string -> Hex decode -> RC4 decrypt (using local key) -> execute query -> RC4 encrypt results (using local key) -> Hex encode results -> return results
                        Director/Lingo: Get results -> Hex decode -> RC4 decrypt (using local key) -> process results

                        The encryption/encoding (and decryption/decoding) aren’t all that complicated and run reasonably quickly, the real trouble is cleaning user input of SQL injection attacks and processing the return results which is of course application specific. I’ll post more info or the scripts if you’re interested.
                        • 9. MD5
                          Xposure Interactive Level 1
                          quote:


                          Yep.
                          Perhaps you should consider using a simple xor encryption algorithm.
                          Weak, but fast and easy to implement - in both sides.



                          It seems to yield the same unpractical strings as as mentioned from lingoFish or an empty string. In my case I need to have a reseller to manually type something into a php form. Can I convert these charaters into something more readable that could easy be un done by php. There are php implementations of Blowfish and (of course) xor so then I could use either.

                          uuencode in lingo?
                          • 10. Re: MD5
                            Level 7
                            alchemist wrote:
                            >> A Lingo implementation of the Blowfish ciper:
                            >> http://www.killingmoon.com/director/lingofish/
                            >
                            > Unless it's been updated recently, chances are that lingofish won't
                            > work with dir11.

                            It passes the supplied tests with the Shockwave 11 plugin in Firefox.

                            It could simply be the case that the generated data is twice as much with
                            the Unicode overhead; the OP will undoubtedly be eager to try it out.

                            Andrew


                            • 11. Re: MD5
                              Level 7
                              Andrew Morton wrote:
                              > alchemist wrote:
                              >>> A Lingo implementation of the Blowfish ciper:
                              >>> http://www.killingmoon.com/director/lingofish/
                              >> Unless it's been updated recently, chances are that lingofish won't
                              >> work with dir11.
                              >
                              > It passes the supplied tests with the Shockwave 11 plugin in Firefox.
                              >
                              > It could simply be the case that the generated data is twice as much with
                              > the Unicode overhead; the OP will undoubtedly be eager to try it out.
                              >
                              > Andrew
                              >
                              >

                              Or that the generated data are wrong. You see, blowfish works with
                              unsigned chars. If you pass a char value outside the byte range (>255)
                              only the fist byte will be used.
                              So, if you only use ascii characters, encoding will be ok. However, the
                              encrypted string will contain byte combinations that, if treated as
                              utf-8, will be mapped to a single char, with value outside the 0-255
                              range. Trying to decrypt such a string, will produce false results -or
                              failure, if lingofish checks for the standard 8byte bf padding- due to
                              long>byte truncation.

                              Lingofish can be updated to work with dir11 - and multipage mbcs, btw.
                              But that, along with some required optimizations, is a task that will
                              probably take more than just a couple of hours, even for lingo veterans.

                              If interested in doing it -it's your field, btw ;) - I can send you an
                              xtra that supports, amongst others, the bf encrypt/decrypt mode
                              lingofish uses, to verify lf's output.
                              • 12. Re: MD5
                                Chunick Level 3
                                quote:

                                It seems to yield the same unpractical strings as as mentioned from lingoFish or an empty string. In my case I need to have a reseller to manually type something into a php form. Can I convert these charaters into something more readable that could easy be un done by php. There are php implementations of Blowfish and (of course) xor so then I could use either.

                                uuencode in lingo?
                                Ok, back to the basics: What exactly are you trying to accomplish? You mention in the original post that you're trying to encrypt the user's details which will be decrypted by the web form to validate that they have passed the training. What user details? And for what purpose do you need to get those details back at the other end by decrypting? If this needs to be done, then why is the user (in your other post) having to type anything in a web form?... and I quote, "For example I can't ask the reseller to type 'ô{Éòƒ5ÚÃɉ¥îv¼ä' into the php web form." Some idea of the procedure you're trying to implement would be helpful because things are getting confusing, fast.

                                • 13. Re: MD5
                                  Xposure Interactive Level 1

                                  Ok, back to the basics: What exactly are you trying to accomplish? You mention in the original post that you're trying to encrypt the user's details which will be decrypted by the web form to validate that they have passed the training. What user details? And for what purpose do you need to get those details back at the other end by decrypting? If this needs to be done, then why is the user (in your other post) having to type anything in a web form?... and I quote, "For example I can't ask the reseller to type 'ô{Éòƒ5ÚÃɉ¥îv¼ä' into the php web form." Some idea of the procedure you're trying to implement would be helpful because things are getting confusing, fast.





                                  There are two parties. The user of the program and the agent who sells them the program. The program is e-learning and when the user has been through the program then I want the program to generate an encryption of their details (name, d.o.b.). The agent will then retrieve the users details and the encryption (via email or over the phone) and enter the user into an online database. The encryption of the users details is to prove that they have completed the training.

                                  Clear as mud?

                                  Using a hashing algorithm to encrypt a string containing the users details will suffice for my needs. The web form can then do the same and just check to see if the encryptions match.

                                  Converting the output of lingoFish or xor into a more readable format may be useful for the future though. Would uuencode/uudecode be a method for doing this? Has anyone implemented uuencode/uudecode in lingo? I think this might be the process adopted in the encrypt functions of the budapi xtra but I haven't been able to find anything yet?