Code:
? SYS(2007,"Test of SYS(2007)")
>3391
? SYS(2007,"test of SYS(2007)")
>12605
That's not a proof, but it shows that the results of SYS(2007) differ a lot if the message only changes slightly. But SYS(2007) seems to only vary from "0" to "65535", so you have a 16-bit hash, which would be very easy to hack.
Example:
? SYS(2007,'mypa55word!453')
>47069
So the task now is to determine any password with that same hash 47069:
* Try the 4-byte BINTOC() encoding of each number until one hashes to 47069
FOR nr = 1 TO 100000
   IF SYS(2007,BINTOC(nr)) = "47069"
      ? nr
      EXIT
   ENDIF
ENDFOR nr
This results in 26720, which means that chr(128)+chr(0)+chr(104)+chr(96) will also qualify as a correct password.
?sys(2007,chr(128)+chr(0)+chr(104)+chr(96))
>47069
So it does not really help much that I have chosen a secure password.
A hacker doesn't even have to know the hash; a 16-bit hash means he'll be in in about 32000 tries. Even if it's a webform and he has to send this amount of requests to a server, he doesn't have to do it manually, he can do it programmatically and he'll be in quite fast...
So, in general, yes, SYS(2007) in some respects works like MD5, but due to the "hash" being only 16 bits' worth, it's not secure.
Bye, Olaf.
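
Added example (not part of Olaf's post): the same collision search in Python, next to a salted PBKDF2 check that rejects the colliding input. Assumptions: binascii.crc_hqx is a stand-in 16-bit checksum and is not claimed to reproduce SYS(2007) values; the function names are hypothetical; bintoc4 follows the BINTOC byte layout shown in the post.

```python
import binascii
import hashlib
import hmac
import os
import struct

def weak_hash16(data: bytes) -> int:
    # Stand-in 16-bit checksum (CRC-CCITT from the standard library).
    # Assumption: NOT claimed to reproduce SYS(2007) values.
    return binascii.crc_hqx(data, 0xFFFF)

def bintoc4(nr: int) -> bytes:
    # 4-byte encoding with the sign bit flipped, matching the post's
    # BINTOC(26720) == chr(128)+chr(0)+chr(104)+chr(96).
    return struct.pack(">I", nr ^ 0x80000000)

def find_collision(target: int, limit: int = 1 << 17):
    # Same search as the FOR loop in the post: first nr whose encoding
    # hashes to the target value. 2**17 candidates cover every 16-bit CRC.
    for nr in range(1, limit):
        if weak_hash16(bintoc4(nr)) == target:
            return nr
    return None

def kdf_record(password: bytes, iterations: int = 100_000):
    # Hardened storage: random salt plus a wide, slow digest.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return salt, iterations, digest

def kdf_verify(candidate: bytes, record) -> bool:
    salt, iterations, digest = record
    got = hashlib.pbkdf2_hmac("sha256", candidate, salt, iterations)
    return hmac.compare_digest(got, digest)  # constant-time comparison

PASSWORD = b"mypa55word!453"  # sample password from the post

def demo():
    nr = find_collision(weak_hash16(PASSWORD))
    other = bintoc4(nr)  # 4-byte input sharing the 16-bit checksum
    record = kdf_record(PASSWORD)
    return {
        "tries": nr,
        "weak_accepts_other": weak_hash16(other) == weak_hash16(PASSWORD),
        "kdf_accepts_other": kdf_verify(other, record),
        "kdf_accepts_real": kdf_verify(PASSWORD, record),
    }

if __name__ == "__main__":
    print(demo())
```

The 16-bit comparison accepts the 4-byte input, while the PBKDF2 check accepts only the real password.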