The reason that this is a problem, is that many users use the same passwords in multiple places, so if you know their password in one place, you can probably log into other services using that password. If you store all passwords as hash values, and you lose these hash values to people that may abuse them, it is important that they cannot get the original password from it. There are many ways to crack passwords, and lostpassword.com is a good site to know, if you want to know how easy it is to crack passwords.
But how fast can md5 hashes be cracked? Let's try to imagine that we produce all thinkable passwords and generate their md5 hashes, and then use the resulting list as a lookup table, sorted by md5 hash. Let's make a few presumptions:
- The password is only using lowercase letters and digits, 36 different characters in total.
- It is totally random.
- n=5 uses 2GB crack time: 100ms
- n=6 uses 82GB crack time: 120ms
- n=7 uses 3TB crack time: 140ms
- n=8 uses 112TB crack time: 160ms
- n=9 uses 4163TB crack time: 180ms
- n=10 uses 1×1017 bytes
- n=15 uses 1×1025 bytes
- n=20 uses 1×1032 bytes
As you can see, these are bad passwords:
- this is fun
- my dog ate my homework (somebody else probably used that, too)
- slashdot8fischk (15 characters, spelling errors etc.)
- roskilde/1997/annie (25 characters, but who is Annie and why Roskilde?)
As a programmer, you can help your users make better passwords by providing more space to type the password. Usability research has shown, that this actually helps, although I cannot remember the source for that information. Some systems also use the word "passphrase" instead of password in order to encourage users to type more characters.
All it all works wonderfully until you realized that it often all boils down to a md5 hash making all passwords EXACTLY the same length. The more you screw around, the more likely it is that your passphrase's hash will have the same hash as something simple like "abc"
An md5 has sum has 128 bits, which is equivalent to a password with 128/5=25 characters, if each character is chosen randomly from a set of 36 characters. It doesn't make sense to make md5 checksums from purely random passwords longer than that, but it does make sense to make passwords longer than 25 characters if it makes them easier to remember.
Every coder knows (or should know) that you must salt a password before hashing it to defeat lookup tables. Using MD5 to store passwords these days is almost as bad as storing them in plain text.
Jeff at codinghorror also has some interesting posts on this topic. Last one in october.
Post a Comment