Convert list into MD5 hashes

[tonyyeb]

Hi all

I want to upload a load of passwords into a MySQL server table. But I want to upload them after MD5'ing them. Can this be done in Excel easily? Or is there a nice program I can give a list of passwords to and it will give me the MD5 for it?

Thanks in advance

 

[Pho]

Why not upload them to a temporary table and use MySQL to MD5 them into the proper table?

 

[daz]

PHP would be the easiest for this ... md5($str)

 

[tonyyeb]

Why not upload them to a temporary table and use MySQL to MD5 them into the proper table?

Sounds great.... how?

 

[Pho]

Meh how were you planning on importing the data at the moment, PHPMyAdmin, Query Browser etc?

 

[tonyyeb]

PHPMyAdmin

 

[Spyhop]

Or is there a nice program I can give a list of passwords to and it will give me the MD5 for it?

If you have a Unix system:

cat passwords.txt | xargs -I 'line' md5 -s 'line' | grep -o "[0-9a-f]*$" > passwords_md5.txt

 

[Pho]

PHPMyAdmin

This seems to work then:

1. Open up PHPMyAdmin, select your database and go to the 'import' tab.
2. Select either:
   Excel 97-2003 XLS Workbook or
   Excel 2007 XLSX Workbook
3. Tick 'Column names in first row'
4. Click 'go'

If all goes to plan it'll create a table such as 'sheet1' with your data in it. You can then run this query to get the MD5 passworded version:

SELECT UserID, MD5(Password) FROM `sheet1`

Or to insert to another table..

-- Create table
CREATE TABLE IF NOT EXISTS `Users`
(`UserID` INT NOT NULL, PRIMARY KEY(`UserID`), `Password` VARCHAR(128) NOT NULL);

-- Copy passwords
INSERT INTO `users` (UserID, Password)
SELECT UserID, MD5(Password)
FROM `sheet1`

My Excel data was set-up like this:

UserID	Password
1	507351
2	612793
3	757456
4	545977
5	608975
6	608508
7	534176
9	677338
10	620950

And I got this:

UserID	Password
1	6722443e76876da7c020f6ed69333950
2	c4fe0433df0c1db608e15411087a74af
3	a19b8f328b2d134fcb0ae9db0910703f
4	d43474981303b05a7a43adeb35d635dc
5	23da342598262a46c6226b4213cd672a
6	9fea09455624ebd79cae31aa98fe4af7
7	a6976960596460bbbd937b9fff6646be
9	3633ca166f1030a926289dc44c48c548
10	0d13e7e05dcb69b1580eda7d44ef53bd

 

[tonyyeb]

@Pho

Thanks very much for that. Ill give that a go tomorrow. Really appreciate you putting the time in for that. Thanks again.

 

[tonyyeb]

@Pho

Thanks very much for your help. It worked a treat!

 

[Pho]

Glad it worked .

 

[tntcoder]

Just some advice, don't use MD5 for password hashes if you have a choice, its pretty much completely broken now.

Go for something like SHA256

 

[Pho]

Isn't MD5 + salt still ok though?

http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/

 

[tntcoder]

Isn't MD5 + salt still ok though?

http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/

Well you should really not rely on having a secret salting algorithm or salt itself, from a security perspective you have to assume an adversary knows all your algorithms. And this is perfectly plausible, if someone breaks in using any number of vulnerabilities, they can just look through your code and find your salts/algorithms and generate collisions for the MD5 in just a few hours. Essentially you're using security through obscurity which never ends well

End of the day, unless there is a reason you cant use/store secure 256bit hashes there is little reason not to.

 

[Pho]

Good point. Though if someone has access to your site's source it's probably game over either way as they could just save off the raw form data people are entering somewhere.