MD5 hashing problem in news
Moderator: General Moderators
MD5 hashing problem in news
Anyone got any views of the MD5 hashing problem mention in the news on this site? Personally I use md5 all the time for passwords and making unique identifiers etc, bit worrying if it has become really insecure.
Re: MD5 hashing problem in news
It hasn't suddenly become insecure, it always has been...it is just that it has been highlighted now.phpdevuk wrote:Anyone got any views of the MD5 hashing problem mention in the news on this site? Personally I use md5 all the time for passwords and making unique identifiers etc, bit worrying if it has become really insecure.
I did some tests on my home PC, and pretty much any 5 character Alphanumeric + Special character password could be brute forced in less than 10 minutes.
It's been in the news a few times lately. Clashes in the hashspace are in the news every so often, but the latest time I saw something about it was a webservice password checker that has 12 million common passwords with their MD5 hash .. you submit a hash are it returns the plaintext to you. I ignored it coz I salt my passwords.
I did a tutorial on MD5, then we discussed the first paper mentioning security problems with it. I cleared up some more misconceptions, a little while later.
Then this week, PatrikG brought up the latest website using rainbow tables to highlight the weaknesses in md5, so Feyd brought up having better encryption in php's core.
Do we *seriously* need another topic to rehash it?
Then this week, PatrikG brought up the latest website using rainbow tables to highlight the weaknesses in md5, so Feyd brought up having better encryption in php's core.
Do we *seriously* need another topic to rehash it?