MD5 password scrambler 'no longer safe'
Summary: The MD5 password hash algorithm is "no longer considered safe" by the original software developer, a day after the leak of more than 6.4 million hashed LinkedIn passwords.
The original author of the MD5 password hash algorithm has publicly declared his software end-of-life, saying it is "no longer considered safe" to use on commercial websites.
This comes only a day after a data breach led to 6.46 million LinkedIn hashed passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been cracked, either through brute force or through lookups.
The primary cause is LinkedIn's failure to properly 'salt' the passwords it hashed with the SHA-1 algorithm. MD5 is a password hashing algorithm similar to SHA-1.
LinkedIn's Vicente Silveira said on Wednesday the company has increased its security "which includes hashing and salting of our current password databases." Although the post says this change was made “recently,” it does not indicate whether the change was applied last month, this week, or yesterday.
Danish developer Poul-Henning Kamp, who developed the widely used MD5 password scrambler, said that limitations of his software and a corresponding increase in computing power since its initial release have rendered his algorithm obsolete.
"I implore everybody to migrate to a stronger password scrambler without undue delay," he wrote in a blog post.
"On a state of the art COTS computer, the algorithm should take at the very least [100 milliseconds] when implemented in software, preferably more. Some kind of 'round count' parameter should be made run-time tweakable so that the runtime/complexity can be increased over time by system administrators."
"The algorithm should be based on repeated data-dependent iterations of several different complex one-way hash functions (MD5, SHA1, SHA2, BLOWFISH, you name it, use them all) in order to 'soak up area' in hardware based attack implementations."
[Image: How an MD5 hash is generated.]
In 2004, researchers revealed a number of weaknesses in regularly-used hash functions. Later in 2005, MD5 was declared "broken" by security expert Bruce Schneier.
Kamp emphasised that there is "no advantage" in every major website using the exact same algorithm --- "quite the contrary in fact," he added --- as it makes it easier for hackers to develop their attack strategy.
"All major Internet sites, anybody with more than 50.000 passwords, should design or configure a unique algorithm --- consisting of course of standard one-way hash functions like SHA2 etc --- for their site, in order to make development of highly optimized password brute-force technologies a 'per-site' exercise for attackers."
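As an added illustration (not code from the article, LinkedIn or Kamp), the points above in Python: the unsalted single-hash scheme the article attributes to LinkedIn beside a per-user salted scheme with a run-time tweakable round count, plus a calibration helper for Kamp's "at least 100 ms" rule. PBKDF2-HMAC stands in here for the mixed-hash construction Kamp describes; the record format, constants and round counts are assumptions for this example.

```python
import hashlib
import hmac
import os
import time

PRF = "sha256"            # PBKDF2 inner hash; an assumed choice for this example
CURRENT_ROUNDS = 200_000  # site policy; raise it over time as hardware gets faster

def unsalted_sha1(password: str) -> str:
    """The scheme the article attributes to LinkedIn: no salt, one fast hash.
    Equal passwords give equal digests, so one lookup table cracks them all."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password: str, rounds: int = CURRENT_ROUNDS, salt=None) -> str:
    """Per-user random salt plus a run-time tweakable round count (PBKDF2-HMAC).
    Record format is constructed for this example: pbkdf2_<prf>$rounds$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh 128-bit salt per password, never reused
    dk = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, rounds)
    return f"pbkdf2_{PRF}${rounds}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive using the salt and round count stored with the digest, then
    compare in constant time so the check does not leak how many bytes matched."""
    algo, rounds, salt_hex, digest_hex = stored.split("$")
    if algo != f"pbkdf2_{PRF}":
        return False
    dk = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), digest_hex)

def needs_rehash(stored: str, policy_rounds: int = CURRENT_ROUNDS) -> bool:
    """True when a record predates a cost increase; rehash it at the user's
    next successful login so old records catch up with the new policy."""
    return int(stored.split("$")[1]) < policy_rounds

def calibrate_rounds(target_seconds: float = 0.1, probe_rounds: int = 20_000) -> int:
    """Kamp's 'at least 100 ms' rule: time a probe derivation on this machine
    and scale the round count so one password check costs about the target."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(PRF, b"probe", b"\x00" * 16, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe_rounds, int(probe_rounds * target_seconds / elapsed))
```

Storing the round count inside each record is what makes the cost "run-time tweakable": administrators raise the policy value and records upgrade as users log in.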
Image credit: Hashcat.
Talkback
A hash algorithm is NOT encryption
Yes, It is.
http://en.wikipedia.org/wiki/MD5
http://tools.ietf.org/html/rfc1321
hash != Encryption
My point is that the headline is misleading and incorrect.
Pedantic, yes.
Title changed
No, it isn't
Well done Zack
(Removed as redundant)
Article confuses md5 and a program that uses md5 and misleads about LinkedI
However, MD5 is also being deprecated due to increasingly powerful hardware and attack techniques.
The article (in particular the summary) also wrongly implies LinkedIn uses MD5 (which is weaker than SHA-1).
nice graphic
Except Linked in isn't...well the same deal
fwiw, difference between keys and hashes
A hash is a function without an index.
While encryption can be said to differ from communication in the exchange of a "secret", AKA a "key", encryption which uses different "keys" for encryption and decryption relies on the existence of one-way functions, hashes being an example of such a function.
So, encryption is "coding" with secrets, AKA "keys".
The principles of a code system can be traced to Kerckhoffs's principle. Out of the six principles, the one that draws the most attention is to assume your adversary knows what you know, so that the secrecy is in the "key", not the cipher/system.
And, yes, RSA can be a public or one-key system if the user shares his private key with receivers (the public key rendered irrelevant in that case).
I'm not sure what you're on about...
Hashes are a way to take large data and map it into a smaller space, which then can be used to index a table, or as a key (in the database sense, not the PKI sense) into a database.
Hashes aren't even required to be one way. Technically, a perfect hash generates a unique value for every possible valid input. You could then make a table of every possible hash and use the hash as an index back to the original value.
The only reason people use hashes instead of proper crypto is that it's computationally inexpensive. But ultimately, it's the wrong solution. A better solution would be to encrypt the passwords using PKI (or some other good encryption scheme).
Hashes have advantages over encryption for passwords
With Encryption, the server will have all the passwords on the server in an encrypted form that could be recovered through decryption. A decryption would have to be available on the server to validate passwords. If the server is hacked, all original passwords would be known immediately.
"hashes have nothing to do with PKI"
As for your explanation of hashes, again, not relevant to the act of salting the input.
Try the easy definition, then brush up on "crypto" using common language before incorrectly mixing terminology ...
Simply stated: a hash takes a variable length input and returns a fixed length output.
These outputs are "hash values" (they are not "keyed", and a hashed encryption of cipher text yields the term "digital signature", but let's keep it simple) and are typically expected to meet a test for randomness (only historically, as they are proving easier to reverse than previously thought).
As for your disparaging remarks: please educate yourself.
Thank You!
I may have let that security responsibility slip. But hearing Zack's exclamation, "Hey!" had my account password updated well before lunch. We should all create new and obscure passwords regularly. Then use them. Resigned to "deal with what we've got", I hope to say "TGiF" tomorrow.
Salting is not the only issue