MD5 hashing problem in news

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Locked
User avatar
phpdevuk
Forum Contributor
Posts: 220
Joined: Mon Jul 04, 2005 5:31 am
Location: UK
Contact:

MD5 hashing problem in news

Post by phpdevuk »

Anyone got any views of the MD5 hashing problem mention in the news on this site? Personally I use md5 all the time for passwords and making unique identifiers etc, bit worrying if it has become really insecure.
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Re: MD5 hashing problem in news

Post by JayBird »

phpdevuk wrote:Anyone got any views of the MD5 hashing problem mention in the news on this site? Personally I use md5 all the time for passwords and making unique identifiers etc, bit worrying if it has become really insecure.
It hasn't suddenly become insecure, it always has been...it is just that it has been highlighted now.

I did some tests on my home PC, and pretty much any 5 character Alphanumeric + Special character password could be brute forced in less than 10 minutes.
User avatar
phpdevuk
Forum Contributor
Posts: 220
Joined: Mon Jul 04, 2005 5:31 am
Location: UK
Contact:

Post by phpdevuk »

yeah I've always been aware that you could do that by trying combinations and words to match the hashed value, always felt if you use a combination of letters and numbers then its harder to crack.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

It's been in the news a few times lately. Clashes in the hashspace are in the news every so often, but the latest time I saw something about it was a webservice password checker that has 12 million common passwords with their MD5 hash .. you submit a hash are it returns the plaintext to you. I ignored it coz I salt my passwords.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

I did a tutorial on MD5, then we discussed the first paper mentioning security problems with it. I cleared up some more misconceptions, a little while later.

Then this week, PatrikG brought up the latest website using rainbow tables to highlight the weaknesses in md5, so Feyd brought up having better encryption in php's core.

Do we *seriously* need another topic to rehash it? :)
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

i think Roja has summed this up in the provided link.

Topic closed
Locked