 Posted by Volker Hetzer on 09/02/05 18:23 
Erwin Moller wrote: 
> I don't want to ruin this party, but if you save md5(password) you might as
> well store them plaintext. 
> MD5 has had its best days. :-( 
[...] 
> I also read some smart@ss at slashdot improved on this, and now it can be  
> done on a run-of-the-mill PC in 1 second. 
15min is the last estimate I know, but that's a few months old. 
 
> So: effectively MD5 is broken. Do not use it. 
 
Depends on what this guy's choices are and how much effort an attacker
is going to spend on getting a password. 
a) In a web application you typically deal with the 
    name-of-my-neighbour's-hamster class of passwords (unless it's a bank). 
    For instance, a truly random password of 6 lowercase letters and digits 
    has about 31 bits of entropy in it, words something in the 10 to 20 bit
    range. 
    No attacker will attack md5 for this, they run some crack-like guesser 
    and that's it. 
b) His toolkit may not have anything better to offer, in particular 
    not SHA256. 
 
Also, typically you salt passwords, i.e. combine them with another random 
string. (frizzle, you *do* that, don't you?) 
If the attacker doesn't steal the password hashes *and* the random 
strings he can't do anything. If he can break into your system and steal 
a file, you've IMHO got a way bigger problem than what hash function you chose. 
 
Lots of Greetings! 
Volker
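
Added example, not part of the original post: the entropy figure from point a) and per-password salting, sketched in Python. It swaps in PBKDF2-HMAC-SHA256 from the standard `hashlib` module rather than md5; the iteration count and the guess rates are assumptions chosen for illustration, not measurements.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # assumed work factor for this example


def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def average_guess_seconds(bits, guesses_per_second):
    """An offline guesser covers half the keyspace on average."""
    return 2 ** (bits - 1) / guesses_per_second


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt for each stored password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # 6 random characters from a-z0-9, the case in point a) of the post
    bits = entropy_bits(36, 6)
    print(f"{bits:.1f} bits of entropy")
    # Constructed guess rates (assumptions): a fast hash versus a slow KDF
    for label, rate in (("fast hash", 1e9), ("slow KDF", 1e4)):
        print(f"{label}: {average_guess_seconds(bits, rate):.0f} s on average")
    # Same password stored twice: different salts give unrelated records
    s1, d1 = hash_password("hamster")
    s2, d2 = hash_password("hamster")
    print(d1 != d2, verify_password("hamster", s1, d1),
          verify_password("Hamster", s1, d1))
```

The salt is stored next to the digest; what it changes is that every record has to be guessed separately, while the password's own entropy still sets the number of guesses.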
 
  