  1. #1 phantom007

    A Question about hashing algorithms

    Hi All

    I have read that in cryptography MD5 is the weakest hashing algorithm. But a question to those people who think the same: is the most secure hashing algorithm still secure without a SALT?

    If I use MD5 to store passwords with a strong SALT value, would the passwords still be insecure?

  2. #2 ScallioXTX
    It's not the weakest algorithm, but for all intents and purposes it has indeed been "cracked", rendering it virtually useless.

    Indeed, when you add a salt, it would be a lot more secure because then normal rainbow attacks don't work anymore -- the attacker has to create a new rainbow table for each salt, which is near impossible.

    That said, if you have a chance to switch to a different algorithm like SHA1, I'd definitely do that!

    Also, you may want to take a look at phpass (which uses either SHA1 or blowfish, depending on the capabilities of the system).
    Rémon - Hosting Advisor
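An added example (not from the thread) of the difference the salt makes in the post above. It is written in Python rather than PHP so that the defender's storage and the attacker's precomputed lookup table can be shown side by side; the usernames, passwords and wordlist are constructed for the illustration. The lookup table stands in for the rainbow table mentioned above: built once from a wordlist, it recovers every unsalted MD5 password with a dictionary lookup, but is useless against per-user salts because the attacker would have to rebuild it for each salt.

```python
import hashlib
import secrets
from typing import Dict, Optional

# Constructed sample data for this example (not from the thread). Two users share a password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "hunter2"}
# A small wordlist standing in for the attacker's precomputation input.
WORDLIST = ["123456", "password", "letmein", "hunter2", "qwerty"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def store_unsalted(password: str) -> str:
    """Plain MD5 of the password: the same password always yields the same digest."""
    return md5_hex(password.encode())


def store_salted(password: str, salt: Optional[bytes] = None) -> str:
    """MD5 over a per-user random salt plus the password, stored as 'salthex$digest'.
    The salt is not secret; its job is to make every user's digest unique."""
    if salt is None:
        salt = secrets.token_bytes(16)
    return f"{salt.hex()}${md5_hex(salt + password.encode())}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest = stored.split("$", 1)
    candidate = md5_hex(bytes.fromhex(salt_hex) + password.encode())
    return secrets.compare_digest(candidate, digest)


def build_lookup_table(words) -> Dict[str, str]:
    """Attacker side: digest -> plaintext, computed once and reused against every
    leak that used unsalted MD5 (a rainbow table is a compressed form of this)."""
    return {md5_hex(w.encode()): w for w in words}


def crack_with_table(digests: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """One dictionary lookup per stored digest; no hashing at attack time."""
    return {user: table[d] for user, d in digests.items() if d in table}


def demo():
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    table = build_lookup_table(WORDLIST)

    cracked_unsalted = crack_with_table(unsalted, table)
    # Against salted storage the table was built for the wrong inputs: the attacker
    # would need a fresh table per salt, i.e. per user, which is just brute force.
    salted_digests = {u: s.split("$", 1)[1] for u, s in salted.items()}
    cracked_salted = crack_with_table(salted_digests, table)
    return unsalted, salted, cracked_unsalted, cracked_salted


if __name__ == "__main__":
    unsalted, salted, cu, cs = demo()
    print("alice == bob unsalted:", unsalted["alice"] == unsalted["bob"])
    print("alice == bob salted:  ", salted["alice"] == salted["bob"])
    print("table cracks unsalted:", cu)
    print("table cracks salted:  ", cs)
```

Note that the salt only blocks the precomputation; it does nothing against an attacker who hashes guesses one by one against a single stolen digest, which is the brute-force scenario discussed further down the thread.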

  3. #3 felgall
    Quote Originally Posted by ScallioXTX
    It's not the weakest algorithm, but for all intents and purposes it has indeed been "cracked", rendering it virtually useless.
    That it has been cracked makes no difference if you are using it for the purpose for which hashes were originally intended - where the original content and the hash are both accessible with the hash being used to determine if the original has been tampered with - since a small change to the original results in a completely different hash. Being able to tamper with the original in such a way that it is still meaningful but presents different information and still produces the same hash is still impossible with MD5. So it isn't useless, it is still as effective for its intended use as it ever was.

    It is only when you use it for purposes for which MD5 was never intended to be used in the first place that it having been 'cracked' makes any difference.
    Stephen J Chapman

  4. #4 ScallioXTX
    Quote Originally Posted by felgall
    Being able to tamper with the original in such a way that it is still meaningful but presents different information and still produces the same hash is still impossible with MD5.
    No it's not, as described here:

    On 30 December 2008, a group of researchers announced at the 25th Chaos Communication Congress how they had used MD5 collisions to create an intermediate certificate authority certificate which appeared to be legitimate when checked via its MD5 hash.
    Maybe 'useless' was a bit of an overstatement, but I for one am steering clear of md5 and have switched to sha1 and blowfish.

  5. #5 phantom007
    Hi guys.

    I appreciate your replies. But my 2 questions are more or less still unanswered.

    Thanks

  6. #6 Jeff Mott
    Quote Originally Posted by cancer10
    is the most secured hashing algorithm still secure without a SALT?
    No. You should always salt, no matter the hash algorithm.

    Quote Originally Posted by cancer10
    If I use MD5 to store passwords with a strong SALT value, would the passwords be still unsecured?
    The passwords would be *secure*. MD5's collision resistance is broken, but securing passwords doesn't rely on collision resistance. That being said, switching to a better hash algorithm is incredibly easy. There's no reason not to switch.

  7. #7 TheRedDevil
    As it has been mentioned, you should always apply a salt when hashing a password. The longer the salt is the better.

    While it is correct that it is easier to locate a collision in an md5 hash these days, the approach used to do this does not make it easier to "locate" the content used to create the hash, i.e. recreate the content.

    To be honest, we have known for something between 16-20 years that md5 is not collision safe, but for the use of "hashing" passwords together with a good salt it was more than safe enough.

    The problem even today is not the collisions, but the fact that with some new Nvidia video cards put in SLI and a program written in CUDA you can get immense processing power quite cheaply, which only the largest universities had a decade ago. Heck, even Amazon allows you to rent number-crunching servers by the hour. This means that if a malicious user gets hold of your md5 password hashes, brute forcing one of them will be "almost instant" compared to doing the same on your computer a decade ago.

    An md5 password hash of perhaps 6-8 characters you can brute force in a few minutes with the right hardware/software today. Even with a good salt added on, you can normally crack them in a few hours max.

    Instead of using md5 I would recommend either whirlpool or sha512, both of which are 512-bit. There is no reason to use lower hashing algorithms these days, as you don't check the password on every page load, for example. Note: if you're unfamiliar with it, take a look at the hash() function in PHP.
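The brute-force attack this post describes, as an added Python example that is not from the thread: a 4-letter password stored as salted MD5 (constructed data; the salt is stored beside the hash and is therefore known to the attacker) is recovered by exhaustive search over the password space. The point the example makes is that the salt costs the attacker nothing per guess; what does raise the cost is an iterated derivation such as PBKDF2, which is timed here against plain MD5. The per-guess timings are machine-dependent, only their ratio matters.

```python
import hashlib
import itertools
import string
import time

# Constructed sample for this example: the defender stored md5(salt + password) and the salt.
# Both values are in the leaked database, so the attacker knows the salt.
SALT = bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015")
PASSWORD = "pass"  # 4 lowercase letters; unknown to the attacker in the real scenario
STORED_HEX = hashlib.md5(SALT + PASSWORD.encode()).hexdigest()


def brute_force_salted_md5(stored_hex, salt, charset=string.ascii_lowercase, length=4):
    """Exhaustively try every string of `length` characters from `charset`.

    The salt is simply prepended to each guess: it defeats precomputed tables,
    but each guess still costs exactly one MD5 computation.
    Returns (recovered password or None, number of guesses tried).
    """
    target = bytes.fromhex(stored_hex)
    tried = 0
    for combo in itertools.product(charset, repeat=length):
        tried += 1
        guess = "".join(combo).encode()
        if hashlib.md5(salt + guess).digest() == target:
            return guess.decode(), tried
    return None, tried


def seconds_per_guess(salt, iterations=100_000, samples=5):
    """Time one guess under plain salted MD5 versus PBKDF2-HMAC-SHA256 with
    `iterations` rounds. Returns (md5_seconds, pbkdf2_seconds)."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.md5(salt + str(i).encode()).digest()
    md5_s = (time.perf_counter() - start) / samples

    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", str(i).encode(), salt, iterations)
    pbkdf2_s = (time.perf_counter() - start) / samples
    return md5_s, pbkdf2_s


def slowdown_factor(salt, iterations=100_000):
    """How many times longer the same exhaustive search takes against PBKDF2."""
    md5_s, pbkdf2_s = seconds_per_guess(salt, iterations)
    return pbkdf2_s / md5_s


if __name__ == "__main__":
    found, tried = brute_force_salted_md5(STORED_HEX, SALT)
    print(f"recovered {found!r} after {tried} guesses")
    md5_s, pbkdf2_s = seconds_per_guess(SALT)
    print(f"md5: {md5_s * 1e6:.1f} us/guess, pbkdf2: {pbkdf2_s * 1e3:.1f} ms/guess")
    print(f"the same search against PBKDF2 would take ~{slowdown_factor(SALT):,.0f}x longer")
```

Swapping MD5 for SHA-512 or Whirlpool in `brute_force_salted_md5` changes the per-guess cost by a small constant only; the iteration count (or bcrypt's cost parameter, which is what phpass and the openwall article linked later in the thread use) is the knob that scales with the attacker's hardware.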

  8. #8 Jeff Mott
    Quote Originally Posted by TheRedDevil
    ...This means that if a malicious user get a hold of your md5 password hashes, brute forcing one of them will be "almost instant" compared to doing the same on your computer a decade ago...
    I think "almost instant" needs to be clarified. If you could compute 8 billion hashes per second, it would still take you about 700 quintillion years.

  9. #9 kduv
    Here's a good article about password hashing methods.
    http://www.openwall.com/articles/PHP-Users-Passwords

  10. #10 TheRedDevil
    Quote Originally Posted by Jeff Mott
    I think "almost instant" needs to be clarified. If you could compute 8 billion hashes per second, it would still take you about 700 quintillion years.
    Well, "almost instant" was just used to point out the difference in the computing power you as an end user can possess today, which was only available to larger companies and universities a decade ago.

    Without sitting down and crunching numbers, I'm certain that you're overestimating the number of available md5 hashes.

    In addition, what you need to keep in mind is that md5 (and other hashes) was created to validate data integrity, i.e. verify that the content of a file/text has not been tampered with. This means that when dealing with password hashes created by md5, even when they contain a salt, I do not need to "check" the entire available range of hashes.

    Just as you would not try to "brute force" an md5 data integrity hash to "unzip" the file, you won't start with a 2MB text file when brute forcing and work your way downwards to find a match.

  11. #11 Jeff Mott
    Quote Originally Posted by TheRedDevil
    Without sitting down and crunching numbers, I'm certain that your overestimating the number of available md5 hashes.
    It's actually pretty simple math. Total number of hashes (2^128) divided by hashes per second (8 billion) divided by seconds per minute, minutes per hour, hours per day, days per year. I even divided the final number by 2, since on average you'll find the correct result after searching only half the hashes.

    Quote Originally Posted by TheRedDevil
    ...when dealing with password hashes created by md5, even when they contain a salt, does not mean I need to "check" the entire available range of hashes.
    You're talking about brute forcing the password rather than brute forcing the hash, and you're right, that definitely reduces the number of possibilities to check. But the same is true for any hash algorithm, because in this scenario, it's the password that's the weak link, not the hash.
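The arithmetic from this post and post #8, carried through as an added Python example (not from the thread): expected time = (search space / 2) / rate, at the 8 billion hashes per second figure quoted above, with the year taken as 365 days. The same function is then applied to the 2^128 MD5 output space and to password spaces (charset size to the power of length, summed over lengths a cracker would try in order), which is what makes the password rather than the hash the weak link; the charsets and lengths are chosen for illustration.

```python
SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # the post divides by seconds, minutes, hours, days


def expected_seconds(search_space: int, hashes_per_second: float) -> float:
    """Average time to hit the target by exhaustive search: on average the
    target is found after half the space (the final /2 in the post)."""
    return (search_space / 2) / hashes_per_second


def expected_years(search_space: int, hashes_per_second: float) -> float:
    return expected_seconds(search_space, hashes_per_second) / SECONDS_PER_YEAR


def password_space(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def password_space_up_to(charset_size: int, max_length: int) -> int:
    """Candidates of every length from 1 to `max_length`, which is what a
    cracker actually enumerates when it works its way up from short guesses."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


MD5_OUTPUT_SPACE = 2 ** 128  # brute forcing the hash itself, as in post #8


def compare(rate: float = 8e9) -> dict:
    """Expected years at `rate` hashes/second for the MD5 output space versus
    illustrative password spaces (charsets and lengths chosen for the example)."""
    return {
        "every 128-bit MD5 output": expected_years(MD5_OUTPUT_SPACE, rate),
        "<=8 chars, a-z0-9 (36)": expected_years(password_space_up_to(36, 8), rate),
        "<=8 chars, printable ASCII (95)": expected_years(password_space_up_to(95, 8), rate),
        "<=12 chars, printable ASCII (95)": expected_years(password_space_up_to(95, 12), rate),
    }


if __name__ == "__main__":
    for label, years in compare().items():
        if years >= 1:
            print(f"{label:36s} {years:.3g} years")
        else:
            print(f"{label:36s} {years * SECONDS_PER_YEAR:.3g} seconds")
```

Run as-is it reproduces the roughly 700 quintillion years for the full 128-bit space, while an 8-character alphanumeric password at the same rate falls in about three minutes: the gap between the two numbers is the whole point of post #11, and it is the same for any hash function with the same per-guess cost.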
