Syranide wrote: Well, there is a negative side too if you force the conversion to the users, as he apparently doesn't want that, and I agree.
For the user, if implemented properly, it's transparent. With md5, they enter their password, and they are granted access. During the transition, they enter their password, and they are granted access. After... you get the idea. It's identical, and transparent to the user.
Syranide wrote: As far as you say, they follow a pattern, no they don't really, that's the point, and that is why it is still hard to crack them, it has just been made faster, it has not been cracked. MD5 lookup library you say? 40^64 (or more) possible MD5 hashes.... well, doesn't sound very likely to me, not for the public. 2^32 rings a bell as being over 4 billion, and well, 40^64 is according to the imprecise calculator 3.4E102 ... which would mean well, over ~2E91 TB of MD5 records... something tells me that is more than all drives in the entire world summed up and squared. The only MD5 lookup libraries that exist to my knowledge only work for common words.
Wow, talk about a huge amount of inaccuracies.
1. There are massive md5 rainbow tables - and they are not at all only for common words. In fact L0phtcrack5 ships with a set of DVDs containing *every* 8-character alphanumeric combination (upper and lowercase!). That would cover the vast majority of passwords in active use on most websites. There are also multiple online versions with larger or comparably sized lookup tables.
The lookup libraries are not limited to common words.
2. The breaks to MD5 are substantial, and serious. Instead of 4 billion+ possibilities, with the latest tunneling attack, you can find an MD5 hash in minutes on a 1 GHz laptop.
MD5 is no longer cryptographically secure against brute force attacks.
Syranide wrote: But regardless, no, even if they know the salt, it doesn't matter, because the salt is "dissolved" when you hash, so "Hello|SaltA|World" and "Hello|SaltB|World" on two different sites cannot be used to hack the other if you know the salt and hash.
That's more accurate, but still not "dead on". While the salt adds to the entropy, and as such isn't a correlated predictive function, it *can* reduce the attack time. The math required to show this is far beyond the scope of these forums, but having the salt, and multiple hashes can substantially decrease the time to attack.
(But yes, the salt is dissolved, and its value is arguably less than critical).
Syranide wrote: So cracking the hash is NOT equal to the password, it is only equal to garbage with the same hash = you don't get the password, and the garbage has the salt in it. Therefore, your password is not compromised, not even the access to the server is compromised as the password is already salted, and when you enter the garbage password, it will get salted again and fail the test. So even if you know the salt it doesn't matter, because you cannot "subtract" the salt from the garbage or hash.
Knowing the salt means you can once again use lookup tables (build your own, or otherwise). The purpose of salts is to prevent lookup tables, and to add entropy. If the salt is compromised, there is less entropy, period. It's more predictable.
Syranide wrote: I do not exclude the possibility of being able to generate garbage for a specific salt and hash that would generate the correct hash after being salted, but it still doesn't become a problem as the password is still protected for other servers, since their salt IN CASE OF THIS BEING POSSIBLE is not known, nor would the garbage likely pass being applied a salt on another server even if their salt was known.
Once you have the salt, and can use a rainbow table to do the lookup, then you compromise the underlying password. With the password, other sites using other salts won't matter - because you have the password, and they can add their salt, and you will gain access.
Syranide wrote: Understand that I am not against changing to another algorithm, I'm merely trying to point out that there is no need to rush it, they cannot hack your site any easier now than before. If you want real security, get a longer password for the database instead and run it on a secure dedicated server.
Actually, you DID argue that you don't agree with changing to another algorithm at the beginning of your post.
Further, you tried to support that argument by saying that md5 is no less secure than it was previously, which is provably false. It has suffered tremendous, crippling compromises, and the latest findings bring the time to compromise down to a laughably trivial amount of time on common hardware. That's the definition of it being easier for them to hack your site now than before.
Before you continue on your repeated attacks, I highly suggest you read the latest papers on attacks on md5.
You are misinformed, and you are confusing a simple issue.
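The "transparent to the user" transition described earlier in this post, as an added example that is not part of the original thread or any project's code: on login the server verifies against the stored legacy MD5 record and, if the password matches, immediately rewrites the record with a salted, iterated hash; the user never sees a difference. The record layout, the `alg` field values and the PBKDF2 iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed for this example: iteration count for the replacement scheme.
PBKDF2_ITERATIONS = 200_000


def hash_legacy_md5(password: str) -> dict:
    """Unsalted MD5 record as an old site might have stored it (legacy only)."""
    return {"alg": "md5", "hash": hashlib.md5(password.encode()).hexdigest()}


def hash_pbkdf2(password: str) -> dict:
    """Salted, iterated replacement record; a fresh random salt per password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"alg": "pbkdf2", "salt": salt.hex(),
            "iterations": PBKDF2_ITERATIONS, "hash": dk.hex()}


def verify_and_upgrade(record: dict, password: str) -> tuple:
    """Return (ok, record_to_store).

    If the stored record is legacy MD5 and the password verifies, the returned
    record is a new PBKDF2 record that the caller overwrites the old one with.
    Otherwise the original record is returned unchanged. Comparisons use
    hmac.compare_digest so timing does not leak how many bytes matched.
    """
    if record["alg"] == "md5":
        expected = hashlib.md5(password.encode()).hexdigest()
        if hmac.compare_digest(expected, record["hash"]):
            return True, hash_pbkdf2(password)  # transparent upgrade on success
        return False, record
    if record["alg"] == "pbkdf2":
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
        return hmac.compare_digest(dk.hex(), record["hash"]), record
    raise ValueError("unknown password record algorithm: %r" % record["alg"])


if __name__ == "__main__":
    stored = hash_legacy_md5("correct horse")          # constructed legacy row
    ok, stored = verify_and_upgrade(stored, "correct horse")
    print(ok, stored["alg"])                            # first login: upgraded
    ok, stored = verify_and_upgrade(stored, "correct horse")
    print(ok, stored["alg"])                            # later logins: pbkdf2
```

Once every user has logged in once, any remaining `md5` rows belong to dormant accounts and can be expired or force-reset without touching active users.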