MD5 creator: "[MD5] no longer considered safe”
Posted: Thu Jun 07, 2012 11:31 am
While is has been preached here for a while that MD5 is not a good choice to use for password hashing, it was definitely confirmed:
http://phk.freebsd.dk/sagas/md5crypt_eol.html
-Greg
http://phk.freebsd.dk/sagas/md5crypt_eol.html
More info: http://www.zdnet.com/blog/security/md5- ... safe/12317 including:As the author of md5crypt, I implore everybody to migrate to a stronger password scrambler without undue delay.
Saw an article this morning that eharmony was also compromised, however didn't catch if they are also being easily decrypted.The primary cause [of the decrypting of some of the 6.4 million passwords leaked] is LinkedIn’s failure to properly ’salt’ the hashed passwords using SHA-1 algorithm.
-Greg