-
May 29th, 2013, 09:53 AM
#1
MD5 Hash Fail
A salutary lesson for anyone who thinks MD5 hashing makes their application or data safe.
As the 6-dimensional mathematics professor said to the brain surgeon, "It ain't Rocket Science!"
Reviews: "dunfiddlin likes his DataTables" - jmcilhinney
Please be aware that whilst I will read private messages (one day!) I am unlikely to reply to anything that does not contain offers of cash, fame or marriage!
-
May 29th, 2013, 10:43 AM
#2
Re: MD5 Hash Fail
MD5 got used primarily because it is easy to write and fast to run in JavaScript. What has changed since those early days is the amount of computing power available to crackers for doing brute-force attacks. Defeating this means using more sophisticated measures such as more advanced hashes, which often are not feasible in a scripting language.
It still beats the use of plain text transmission and storage by a country mile.
Skimming the article (ugh, another one divided into separate pages to boost advertising potential) I didn't see an alternative presented. Things like SHA512 being available in OS X are irrelevant red herrings since script has no access to them.
So since this is nothing new (the warnings have been out there for over a decade) I'm not sure why this is worthy of discussion now unless you are asking for alternatives... or looking for excuses to be sloppy about security as if it doesn't matter.
-
May 31st, 2013, 11:16 AM
#3
Re: MD5 Hash Fail
Yeah... if all you're doing is MD5-ing the passwords, you might as well be storing them in plaintext. You need to salt the passwords (each password with a different salt) and then use a password hash - this has different properties to a cryptographic hash (most notably, it is designed to be SLOW, not fast).
Of course, making your application or data "safe" depends on what you mean by "safe" - you need to work out what your threat model is.