
MD5 hashing problem in news

Posted: Wed Aug 24, 2005 5:22 am
by phpdevuk
Anyone got any views of the MD5 hashing problem mentioned in the news on this site? Personally I use md5 all the time for passwords and making unique identifiers etc, bit worrying if it has become really insecure.

Re: MD5 hashing problem in news

Posted: Wed Aug 24, 2005 5:34 am
by JayBird
phpdevuk wrote: Anyone got any views of the MD5 hashing problem mentioned in the news on this site? Personally I use md5 all the time for passwords and making unique identifiers etc, bit worrying if it has become really insecure.
It hasn't suddenly become insecure, it always has been...it is just that it has been highlighted now.

I did some tests on my home PC, and pretty much any 5 character Alphanumeric + Special character password could be brute forced in less than 10 minutes.

Posted: Wed Aug 24, 2005 5:58 am
by phpdevuk
Yeah, I've always been aware that you could do that by trying combinations and words to match the hashed value, always felt if you use a combination of letters and numbers then it's harder to crack.

Posted: Wed Aug 24, 2005 6:48 am
by onion2k
It's been in the news a few times lately. Clashes in the hashspace are in the news every so often, but the latest time I saw something about it was a webservice password checker that has 12 million common passwords with their MD5 hash .. you submit a hash and it returns the plaintext to you. I ignored it coz I salt my passwords.
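
Added example, not part of any post in this thread: a Python sketch of why a precomputed hash-to-plaintext lookup, like the web service described in the post above, finds unsalted MD5 password hashes but not salted ones. The password list, the `salt_hex$digest` record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample; the service described above held about 12 million entries.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "dragon"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_lookup_table(words):
    """Precomputed once, then reusable against every unsalted MD5 hash."""
    return {md5_hex(w.encode()): w for w in words}

def store_unsalted(password):
    return md5_hex(password.encode())

def store_salted(password, salt=None):
    """Random per-user salt kept next to the hash: 'salt_hex$md5(salt+password)'."""
    salt = os.urandom(16) if salt is None else salt
    return salt.hex() + "$" + md5_hex(salt + password.encode())

def verify_salted(password, record):
    salt_hex, digest = record.split("$")
    candidate = md5_hex(bytes.fromhex(salt_hex) + password.encode())
    return hmac.compare_digest(candidate, digest)

def table_lookup(table, record):
    """Exact match on the stored digest, as a hash-to-plaintext service does."""
    return table.get(record.split("$")[-1])

def guess_with_salt(words, record):
    """The salt is not secret, so a common password is still found by hashing
    candidates with it; the work is per record instead of one shared lookup."""
    return next((w for w in words if verify_salted(w, record)), None)

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    alice, bob = store_unsalted("letmein"), store_unsalted("letmein")
    print("unsalted, same password, same hash:", alice == bob)
    print("unsalted lookup:", table_lookup(table, alice))
    s_alice, s_bob = store_salted("letmein"), store_salted("letmein")
    print("salted, same password, same record:", s_alice == s_bob)
    print("salted lookup:", table_lookup(table, s_alice))
    print("salted, guessed per record:", guess_with_salt(COMMON_PASSWORDS, s_alice))
```

The last line of output is the caveat: a salt defeats the shared table, but a password that is on a common-password list is still recovered once the salt is known, because MD5 itself is fast to compute.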

Posted: Wed Aug 24, 2005 6:48 am
by Roja
I did a tutorial on MD5, then we discussed the first paper mentioning security problems with it. I cleared up some more misconceptions, a little while later.

Then this week, PatrikG brought up the latest website using rainbow tables to highlight the weaknesses in md5, so Feyd brought up having better encryption in php's core.

Do we *seriously* need another topic to rehash it? :)

Posted: Wed Aug 24, 2005 6:57 am
by JayBird
I think Roja has summed this up in the provided link.

Topic closed