Kodi Warns Forum User Passwords Have Been Hacked


On my own:

The problem with md5 hashes is that it’s possible to generate collisions. In other words, given the hash, it’s possible to create a ‘matching’ password.

No, this isn’t the problem with MD5 in practice.

Collisions are possible with every cryptographic hash function, but the longer the hash, the harder it is to find collisions. MD5 is long enough to make finding collisions for relatively short passwords impossible in practice.

The reason not to use MD5, but also not to use SHA1, SHA256, etc., is that these functions are bloody fast.

The attack tactic for passwords is then completely different: you start from a dictionary of previously leaked or predictable plain text passwords, and you calculate the hash of each of them (using the same formula as the hacked website uses). You then look for the same hashes in both files; “weak” (predictable or previously leaked) passwords you pick out immediately.

The best weapons against this are salts and functions like Argon2, which are intentionally slow and memory hungry.

What’s broken about MD5 is one very specific kind of collision, namely that it turns out to be relatively easy to find two different inputs (which have to meet specific criteria) that return the same hash.

Given one random input (such as a password) it’s still virtually impossible to find a collision.

A risk could be that someone chooses a password in such a way that he knows an MD5 collision, but that risk doesn’t seem that big to me.

This risk is indeed large for, e.g., digital signatures (if MD5 is used). You could manipulate a contract in advance so that there are two different contracts, where you first present the “favorable” contract to the other party and later claim it to be a forgery and that you have the “real” contract with less favorable terms.

Basically, the MD5 algorithm isn’t the problem with password hashes; the problems are its speed (but the same goes for SHA256, for example), the availability of dictionaries and the fact that people choose and reuse weak passwords.

Addition 13:07 and @Though Busy: what you should look for, regarding password hashes, on the Wikipedia page is Preimage vulnerability.
By “pre-image” is meant that the attacker has no influence on the input. The confusing part is that it is a “collision” in both cases, but a preimage collision is really a very different vulnerability from collisions where the attacker can choose the input. And the attacker cannot do that with passwords chosen by others.

The weakening from 2^128 to 2^123.4 is therefore negligible; really nobody is searching for password collisions.

[Comment edited by ErikvanStraten on 10 April 2023 13:07]
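The contrast the comment above draws between fast unsalted hashes and salted, deliberately slow ones, as an added example that is not part of the original comment. It assumes Python's standard-library `hashlib.scrypt` as a stand-in for Argon2 (which is not in the standard library); the wordlist, user table and function names are constructed for illustration.

```python
import hashlib, hmac, os, time

# Constructed sample data: a tiny "previously leaked" wordlist and a user table.
LEAKED = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "letmein", "bob": "password",
         "carol": "c9$Vt!r2-long-unique-phrase"}

def md5_hex(pw):
    """Unsalted MD5: the same password always yields the same hash."""
    return hashlib.md5(pw.encode()).hexdigest()

def exposed_by_wordlist(md5_table, wordlist):
    """Audit: which stored unsalted MD5 hashes equal the hash of a wordlist entry?"""
    lookup = {md5_hex(w): w for w in wordlist}  # computed once, reused for all users
    return {u: lookup[h] for u, h in md5_table.items() if h in lookup}

def scrypt_store(pw, salt=None):
    """Salted, memory-hard hash (about 16 MiB per guess with these parameters)."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt per user defeats the shared lookup table
    dk = hashlib.scrypt(pw.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, dk

def scrypt_verify(pw, salt, dk):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_store(pw, salt)[1], dk)

def cost_ratio(rounds=5):
    """How many times more expensive one scrypt guess is than one MD5 guess."""
    t0 = time.perf_counter()
    for _ in range(rounds):
        md5_hex("guess")
    t1 = time.perf_counter()
    for _ in range(rounds):
        scrypt_store("guess", b"\x00" * 16)
    t2 = time.perf_counter()
    return (t2 - t1) / max(t1 - t0, 1e-9)

if __name__ == "__main__":
    table = {u: md5_hex(p) for u, p in USERS.items()}
    print("weak passwords found:", exposed_by_wordlist(table, LEAKED))
    print("scrypt guess costs ~%.0fx an MD5 guess" % cost_ratio())
```

Only the weak passwords fall out of the unsalted table; the long unique one does not, which matches the comment's point that speed and password choice, not MD5 collisions, are what matter here.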