🔥 FiveM - MD5 Hashing in pure lua [FOR DEVELOPERS]


#1

Import it as a depencency, this is a release for developers.
Should be self explanatory on how to use.
FiveM-MD5.zip (4.0 KB)

Enjoy.


#2

Great Release. I’ll mess around with this a bit later.


#3

What would be a use for MD5 hashing in GTA V?


#4

image


#5

If someone has made a UCP panel within the game with the option to type password and username when entering that’d be good, until then. it will be useless for others because you have auto-log through the license key.


#6

While just tossing a ZIP is nice, what is MUCH better is to grab a github account (if you don’t have one) and link it instead. Then people can see your code before blindly downloading a ZIP.

Not to mention, if you used the Lua-implementation of MD5 that I had linked to you in Discord when you were asking about this, you need to properly credit it according to the license issued for that code.

“Do it nice or do it twice.”


#7

It is literally an exact replica of that, the license is in there. The only change made is that he removed the functions from the table… not completely sure why.


#8

To add to this resource: don’t use it to hash sensitive data, big chance that people can decrypt the md5 hash using an online decrypter tool, not good.

From a publicly available website:

We have a total of just over 829.726 billion unique decrypted MD5 hashes since August 2007.

Using some hashing algorithm from the SHA (preferring Keccak) family would be way more secure, but the tradeoff it’s more difficult to implement.


#9

perhaps actually looking at the file, you would see that the MIT license accreditation is already there.


#10

Why would you want to use MD5. I don’t think there is really a use for it.


#11

A checksum to validate submitted data with a server event?? Only use case I can think of for md5. But anyone that half way knows what they’re doing when cheating/hax0ring could just md5 it themselves.


#12

I wouldn’t use MD5 regardless of what you would be using it for its just too old/weak for any modern day use. If anything use something like bcrypt, scrypt, or argon2.


#13

So the MD5 Hash is rerouting in the majoogily?

https://www.youtube.com/watch?v=c4HKOWG2oEA 3:08


#14

Generate a seed hash it, hash the password then save the seed alone and then add seed to password hash that that way you can save the password securely.

to save:

local seed = md5(generateseed())
local password = userpassword

mysql.save(seed)
mysql.save(md5(seed…password))

to retrieve:

local seed = mysql.fetch(md5savedseed)
local seededpass = mysql.fetch(md5seedpassword)
local password = getwhatuserenteredtopassword

if (md5(seed…password) == seededpass then loginsuccess() end

I am on mobile so this is the best I can do to explain how you can make md5 secure.


#15

Yes that helps, but let’s face facts: md5 isn’t secure. You can salt it all you want. It’s still a defunct hash. I’m not saying there’s not a use case for md5, but I’d certainly not consider password storage one of them.


#16

Well if you salt it enough unless the guy who gets hold of your data has a supercomputer with tons of raw processing power, it should be secure enough. In the end no system is secure, at least thats our motto right?.. As pen-testers?


#17

You are correct. If it’s an acceptable risk for you, that’s all that matters. :+1: Certainly better than some of the plain text solutions that are on this forum.