Md5crypt Password scrambler is no longer considered safe by author — PHKs Bikeshed

Md5crypt Password scrambler is no longer considered safe by author

The md5crypt password scrambler was created in 1995 by yours truly and was, back then, a sufficiently strong protection for passwords.

New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days.

As the author of md5crypt, I implore everybody to migrate to a stronger password scrambler without undue delay.

I will NOT design the next standard password scrambler, I am not a card-carrying cryptographer, and don’t want to be hazzeled by those who are.

via Md5crypt Password scrambler is no longer considered safe by author — PHKs Bikeshed.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s