The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and is “no longer considered safe” to use on commercial websites.



This comes only a day after a data breach led to 6.46 million LinkedIn hashed passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been decrypted, either through brute force or through lookups.

The primary cause is LinkedIn’s failure to properly ’salt’ the hashed passwords using SHA-1 algorithm. MD5 is a password hashing algorithm similar to that of SHA-1.

LinkedIn’s Vicente Silveira said on Wednesday the company has increased its security “which includes hashing and salting of our current password databases.” Although the post says this change was made “recently,” it does not indicate whether the change was applied last month, this week, or yesterday.

Danish developer Poul-Henning Kamp, who developed the widely used MD5 password scrambler, said that limitations to his software and a corresponding increase in computing power since its initial release has rendered his algorithm obsolete.

“I implore everybody to migrate to a stronger password scrambler without undue delay,” he wrote in a blog post.

“On a state of the art COTS computer, the algorithm should take at the very least [100 milliseconds] when implemented in software, preferably more. Some kind of ’round count’ parameter should be made run-time tweakable so that the runtime/complexity can be increased over time by system administrators.”

“The algorithm should be based on repeated data-dependent iterations of several different complex one-way hash functions (MD5, SHA1, SHA2, BLOWFISH, you name it, use them all) in order to ’soak up area’ in hardware based attack implementations.”

In 2004, researchers revealed a number of weaknesses in regularly-used hash functions. Later in 2005, MD5 was declared “broken” by security expert Bruce Schneier.

Kamp emphasised that there is “no advantage” in every major website using the exact same algorithm — “quite the contrary in fact,” he added — as it makes it easier for hackers to develop their attack strategy.

“All major Internet sites, anybody with more than 50.000 passwords, should design or configure a unique algorithm — consisting of course of standard one-way hash functions like SHA2 etc — for their site, in order to make development of highly optimized password brute-force technologies a ‘per-site’ exercise for attackers.”

By Zack Whittaker

Link; http://www.zdnet.com/blog/security/md5-password-scrambler-no-longer-safe/12317

Adding this comment on the above news by a web user on zdnet for a balanced view:

hash != Encryption
cpuh0g

Yes, it is a "cryptographic hash function", but that is still not encryption. An encryption operation involves a key and can be reversed if one knows the right key to reverse the operation. A hash is a one-way operation that cannot be reversed. You can run brute-force or dictionary or rainbow table attacks which attempt to find an input that results in the same hash, but that doesn't constitute a reversal of the operation.

My point is that the headline is misleading and incorrect.

Pedantic, yes.