Page 1 of 2

Just noticed this on the index page -- ??

Posted: Wed Oct 05, 2005 7:09 pm
by Luke
News wrote:"But, but, but...MD5 is an encryption, right?" Nope, it's not. It's a hashed string. And it can easily be brute-forced, now even more easily than ever

slashdot wrote:

"Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!"

Source: http://it.slashdot.org/article.pl?sid=05/08/21/1946254

If you still rely on MD5 for any kind of security: don't. SHA1 has been cracked as well, so your best bet is using PHP's crypt() function (and not using its MD5 hashing).
Almost every user-authentication thread I have read in here has supported the use of md5... what is this all about?

Posted: Wed Oct 05, 2005 7:17 pm
by feyd
Roja among others have talked copious amounts of times about the "breakage" of MD5 and all the related systems.. even that thread talks a lot about it and I bet this one will too. ;) Even searching the board for SHA256 (a much, much more secure hash) pulls up 35 threads...

Posted: Wed Oct 05, 2005 7:43 pm
by Jenk
Test it with:

abcdefgh123

;)

Posted: Thu Oct 06, 2005 11:16 am
by Luke
That's crazy... so is there a new hashing method that is more secure? (Is it sha256?)

Posted: Thu Oct 06, 2005 11:42 am
by feyd
MD5 < SHA1 < SHA256
MD5 < MD5+salt
SHA1 < SHA1+salt
SHA256 < SHA256+salt

:)

Posted: Thu Oct 06, 2005 1:55 pm
by onion2k
I don't hash my passwords anymore. I use MySQL's AES_ENCRYPT function instead. It's as secure as I need it to be and it means I have access to the passwords if necessary .. but it's not very portable.

Posted: Thu Oct 06, 2005 4:02 pm
by Ambush Commander
Isn't the point not to know the password? If your decryption key is compromised, bye bye all the passwords. But if all they have are a bunch of hashes, they'll need to construct rainbow tables to figure 'em out.

Posted: Thu Oct 06, 2005 4:30 pm
by Roja
feyd wrote:Roja among others have talked copious amounts of times about the "breakage" of MD5 and all the related systems.. even that thread talks a lot about it and I bet this one will too. ;) Even searching the board for SHA256 (a much, much more secure hash) pulls up 35 threads...
Of course I will here too!
One armed space goat wrote:Almost every user-authentication thread I have read in here has supported the use of md5... what is this all about?
I think we're going to have to update the md5 tutorial itself to mention this issue, because it comes up every week.

So, to review.. ( viewtopic.php?t=38409&highlight=md5+crack )
News wrote:"And it can easily be brute-forced, now even more easily than ever
The statement that it can be more easily brute-forced than before is true, as multiple weaknesses have been found in it. However, the example you give ISN'T about that. It's a lookup table..
News wrote:"Sporting over 12 million entries, project GDataOnline is one of the largest non-RainbowTable based MD5 crackers on the internet. The database spans over 7 languages, 35 topics, and contains common mutations to words that include numbers and capitalization. Average crack time for 5 hashes: .04 seconds. No more waiting weeks for your results!"
That's not a cracker. That's a lookup table. Much like you wouldn't call Yahoo's map system a "Zip code cracker", you shouldn't call a rainbow table an "online md5 cracker". It looks up OUTPUT, based on INPUT.

That's why the old-timers suggest using salt in your hashes - it makes rainbow tables far less efficient (almost useless).

Imagine doing a zipcode lookup, but you have to add a random number to the zipcode - a random number that is only good once. And if you use the wrong zipcode, you find Florida instead of Ohio. That's why salt is so useful.
News wrote:If you still rely on MD5 for any kind of security: don't. SHA1 has been cracked as well, so your best bet is using PHP's crypt() function (and not using its MD5 hashing).
SHA1 has not been cracked.

They have found cryptographic weaknesses in the algorithm that reduce the strength of the hash by a non-trivial (*) amount, but that's not a crack.

However, the statement "You shouldn't use md5 or SHA1 anymore" isn't a terrible one: If possible, switch to sha-256, which has not yet had any breaches identified. (There is speculation that the same vulnerabilities affecting sha1 might OR might not affect sha-256, but even if they do, sha256 is so much stronger that it wouldn't matter much.)

* Non-trivial meaning it's measurable, which is not the same as "turns my safe into a paper bag".
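The lookup-table point above, as an added example that is not part of the thread or of any poster's code: a constructed wordlist stands in for the multi-million-entry service quoted earlier, an unsalted MD5 hash is found in it with a single array lookup, and the same password with a random per-user salt matches nothing in the table. The last lines show the crypt() route the thread recommends, using its SHA-256 mode (the `$5$` prefix, available since PHP 5.3.2); `random_bytes()` and `hash_equals()` are assumed to be available (PHP 7 and 5.6 respectively).

```php
<?php
// Constructed wordlist standing in for an online MD5 lookup service.
$wordlist = ['password', 'letmein', 'abcdefgh123', 'qwerty', 'monkey'];

// The "cracker" is precomputed once: hash => plaintext. Every later query
// is one key lookup, which is where the ".04 seconds" comes from.
$table = [];
foreach ($wordlist as $word) {
    $table[md5($word)] = $word;
}

// 1) Unsalted MD5 as stored by many 2005-era tutorials: recovered instantly,
//    because the stored value IS a key of the table.
$stored = md5('abcdefgh123');
$recovered = isset($table[$stored]) ? $table[$stored] : null;   // 'abcdefgh123'

// 2) Same password, random per-user salt stored next to the hash. The table
//    was built without this salt, so the stored value is not a key in it.
$salt = bin2hex(random_bytes(8));            // 16 hex chars, unique per user
$saltedStored = md5($salt . 'abcdefgh123');
$recoveredSalted = isset($table[$saltedStored]) ? $table[$saltedStored] : null;   // null

// Verification must recompute with the stored salt; hash_equals() avoids
// leaking information through early-exit string comparison.
function verifySalted(string $candidate, string $salt, string $storedHash): bool
{
    return hash_equals($storedHash, md5($salt . $candidate));
}

// 3) The crypt() route the thread recommends, in SHA-256 mode. The salt
//    must use only [./0-9A-Za-z]; base64 with '+' swapped for '.' does that.
$cryptSalt = substr(strtr(base64_encode(random_bytes(12)), '+', '.'), 0, 16);
$cryptStored = crypt('abcdefgh123', '$5$rounds=5000$' . $cryptSalt . '$');

// crypt() embeds the salt and rounds in its output, so the stored string
// is all that is needed to check a later login attempt.
function verifyCrypt(string $candidate, string $storedCrypt): bool
{
    return hash_equals($storedCrypt, crypt($candidate, $storedCrypt));
}

var_dump($recovered, $recoveredSalted);
var_dump(verifySalted('abcdefgh123', $salt, $saltedStored));   // true
var_dump(verifyCrypt('abcdefgh123', $cryptStored));            // true
var_dump(verifyCrypt('wrong', $cryptStored));                  // false
```

The salt does nothing to stop someone who already knows it from hashing a wordlist against one user's record; what it removes is the ability to precompute one table once and reuse it against every user, which is exactly the economics the quoted service depends on.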

Posted: Thu Oct 06, 2005 4:53 pm
by Luke
What if you did a sha256 hash of a md5 hash? Or even better yet a sha256 hash of an md5 hash that has been salted? Are these common practices?

It seems to me that a hash that is salted differently every time would be virtually uncrackable. Am I wrong?

Also, I didn't find any information about sha256 on php.net... can sha256 be used with php?

Posted: Thu Oct 06, 2005 4:56 pm
by Ambush Commander
What if you did a sha256 hash of a md5 hash? Or even better yet a sha256 hash of an md5 hash that has been salted? Are these common practices?
No. MD5 hashes are a fixed length, so they'll never be any longer or shorter, which reduces the number of total possible inputs. Don't do it.
It seems to me that a hash that is salted differently every time would be virtually uncrackable. Am I wrong?
Nothing is virtually uncrackable.

Well, except one time pads. But in reality, they're crackable too. Just consider salts something that increases security.

Posted: Thu Oct 06, 2005 4:59 pm
by Luke
No. MD5 hashes are a fixed length, so they'll never be any longer or shorter, which reduces the number of total possible inputs. Don't do it.
Thanks... I wouldn't have thought of that. I love this site. You guys are all so helpful.

Posted: Thu Oct 06, 2005 5:03 pm
by Roja
One armed space goat wrote:What if you did a sha256 hash of a md5 hash?
In simple terms, you are adding a strong link to a weak fence. Focus on the strong parts - not the weak.

So no, it would reduce the security of sha256. You'd be better off doing just sha256.
One armed space goat wrote:Or even better yet a sha256 hash of an md5 hash that has been salted? Are these common practices?
Nope. You should stick to a single method for the best security.
One armed space goat wrote:It seems to me that a hash that is salted differently every time would be virtually uncrackable. Am I wrong?
In crypto circles they prefer the term "Infeasible". As in, while I could hook up every computer on the planet and break your puny codes, it wouldn't be feasible for me to do so.

What you've described is called a one-time pad. (Salting differently every time - only using a salt once). And yes, an OTP can be extremely secure.
One armed space goat wrote:Also, I didn't find any information about sha256 on php.net... can sha256 be used with php?
Search for sha256 on these forums. Feyd produced a fantastic sha256 library for php!

Posted: Thu Oct 06, 2005 6:51 pm
by Luke
How about this idea? Good or bad?

When a user signs up for whatever it is that you are offering them, you generate a user password.
To create that password:

1) you take the last 8 characters of the hash of this:
time().array_of_random_stuff['randomnumber']

2) hash that value and store it in your database...

Posted: Thu Oct 06, 2005 6:55 pm
by Ambush Commander
Personally, that annoys me. I'd rather have an email sent to me with a verification id, then click the link to fill in my password info and my account is enabled.

Posted: Thu Oct 06, 2005 7:12 pm
by feyd
The last 8 characters of a hash is only 4,294,967,296 possible combinations.. that's a fairly small pool considering that's the equivalent of a 4 character password...