[Link] Why You Don't Use MD5 For Passwords


40 Replies - 4657 Views - Last Post: 13 June 2013 - 09:57 AM

#31 baavgai

  • Dreaming Coder

Reputation: 5818
  • Posts: 12,669
  • Joined: 16-October 07

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 04:26 AM

Bruce Schneier is my hero. Everything I've read of his is sane and insightful. I have a few copies of his Applied Cryptography. Someone did up a Chuck Norris style love page to him. He has a blog link to it.

Bruce notes, on the first page of AC ( don't have book to hand ) the difference between true security and security through obscurity. This is why I'm dubious about "strong proprietary systems." Proprietary is a form of obscurity and there may not be a way to know if "strength" comes from hiding a secret that could be discovered. e.g. CSS.
Was This Post Helpful? 2

#32 jon.kiparsky

  • Pancakes!


Reputation: 7727
  • Posts: 13,052
  • Joined: 19-March 11

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 05:23 AM

baavgai, on 30 May 2013 - 06:26 AM, said:

Bruce notes, on the first page of AC ( don't have book to hand ) the difference between true security and security through obscurity.


Yes, he's pretty scathing on the matter:
"If the strength of your new cryptosystem relies on the fact that the attacker doesn't know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's inner workings secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think someone won't disassemble your code and reverse-engineer your algorithm, you're naive. The best algorithms we have are the ones that have been made public, have been attacked by the world's best cryptographers for years, and are still unbreakable."



I have read a lot of material on crypto in the last year, and the consensus is nearly total: the difference is that "security by obscurity" does not exist. This idea of a "strong proprietary system" is universally derided, and I think with good reason: it hasn't been tested under one of the most important conditions that it'll have to meet. Someone, somewhere, sometime, will get hold of the algorithm, and they will mount an attack on that system knowing that algorithm. Do you want that attack to happen first on test data in Schneier's lab, or do you want it to happen first on your data, in the wild? It's possible that the erstwhile secret algorithm will hold up when its obscurity is compromised, but do you really want to be the one to find out the hard way?
Was This Post Helpful? 2

#33 Skydiver

  • Code herder

Reputation: 3566
  • Posts: 11,079
  • Joined: 05-May 12

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 10:17 AM

Slightly off topic: "Strong proprietary system" like various electronic voting machines which are not open for inspection and study by the general public? Makes one wonder why they are not open to the general public, but only a select few were invited to get an overview, and not an in-depth study.
Was This Post Helpful? 0

#34 modi123_1

  • Suitor #2



Reputation: 9187
  • Posts: 34,489
  • Joined: 12-June 08

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 10:18 AM

Easy - security by obscurity.
Was This Post Helpful? 0

#35 AdamSpeight2008

  • MrCupOfT


Reputation: 2263
  • Posts: 9,462
  • Joined: 29-May 08

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 10:26 AM

Sometimes it's better to keep quiet about a flaw in a cipher or code.

Want a real life-or-death example?

The Germans' Enigma cipher was broken by the British and their allies during WW2, and they used the knowledge contained in the decoded transcripts. They knew in advance that Coventry was going to be bombed, but didn't stop it, because that would have revealed that the code had been broken, and it would thus have been changed. It was broken because of a simple flaw in the design: a letter cannot be ciphered to itself. The British thought the cipher was good and decided to re-implement it without the flaw, and used it for their own communications (TypeX). It was never publicly broken.

This post has been edited by AdamSpeight2008: 30 May 2013 - 10:30 AM

Was This Post Helpful? 0

#36 jon.kiparsky

  • Pancakes!


Reputation: 7727
  • Posts: 13,052
  • Joined: 19-March 11

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 10:39 AM

AdamSpeight2008, on 30 May 2013 - 12:26 PM, said:

Sometimes it's better to keep quiet about a flaw in a cipher or code.

Want a real life-or-death example?

The Germans' Enigma cipher was broken by the British and their allies during WW2, and they used the knowledge contained in the decoded transcripts. They knew in advance that Coventry was going to be bombed, but didn't stop it, because that would have revealed that the code had been broken, and it would thus have been changed. It was broken because of a simple flaw in the design: a letter cannot be ciphered to itself. The British thought the cipher was good and decided to re-implement it without the flaw, and used it for their own communications (TypeX). It was never publicly broken.



They also offered it up to various allies as a secure communications technology. Needless to say, they didn't mention that it was broken, and their diplomatic service had a lot of confidential information to work with. If I recall correctly, the US was also in on this game.

The Enigma story, of course, is an excellent example of the utter failure of security through obscurity. There are others - for example, Kahn documents amazingly simple ciphers (Vigenere? I can't remember) used for top-level secrets as recently as the first World War. The only reason they did this is because they believed that their ciphers could not be broken if the encryption algorithm was not known. This is always a bad bet.

However, the only reason I can think of to not publicize flaws in a cryptosystem would be so you could exploit them yourself.


(by the way, Neal Stephenson's Cryptonomicon is a good fictionalized treatment of the efforts to protect the fact that Enigma had been broken)

This post has been edited by jon.kiparsky: 30 May 2013 - 10:44 AM

Was This Post Helpful? 0

#37 modi123_1

  • Suitor #2



Reputation: 9187
  • Posts: 34,489
  • Joined: 12-June 08

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 30 May 2013 - 10:46 AM

jon.kiparsky, on 30 May 2013 - 12:39 PM, said:

...
(by the way, Neal Stephenson's Cryptonomicon is a good fictionalized treatment of the efforts to protect the fact that Enigma had been broken)

I guess it is inevitable that when crypto and 'hacks' are brought up so is Stephenson. zing!

I kid.. he's a good author.
Was This Post Helpful? 0

#38 Curtis Rutland

  • (╯□)╯︵ (~ .o.)~


Reputation: 4479
  • Posts: 7,801
  • Joined: 08-June 10

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 31 May 2013 - 08:38 AM

Love the discussion here. Just to throw this out there, if anyone has gotten this far and is wondering what they should actually use over MD5 for password hashes, here's a suggestion:

bcrypt

Of course, continue to use all other best practices, like salts and prepared statements.
Was This Post Helpful? 1

#39 Skydiver

  • Code herder

Reputation: 3566
  • Posts: 11,079
  • Joined: 05-May 12

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 01 June 2013 - 09:06 PM

Is the recommendation for bcrypt based on the current difficulty of being able to run the algorithm on a GPU, and therefore making it "very expensive" for hackers to try to brute force?

Or is it because of the use of the stretching technique? If it's merely the application of stretching, why not just do an iterative application of SHA-256 to do the stretching?
Was This Post Helpful? 0

#40 Craig328

  • I make this look good

Reputation: 1926
  • Posts: 3,467
  • Joined: 13-January 08

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 13 June 2013 - 09:30 AM

Fun to go back and read this thread in light of the recently publicized antics the NSA has been involved with.

Anyone wanna bet against them having a couple of quantum machines toiling away in their basement today?
Was This Post Helpful? 0

#41 jon.kiparsky

  • Pancakes!


Reputation: 7727
  • Posts: 13,052
  • Joined: 19-March 11

Re: [Link] Why You Don't Use MD5 For Passwords

Posted 13 June 2013 - 09:57 AM

Working quantum machines, cracking code? I'm going to say the odds are not good.

I say this because the NSA is not capable of monopolizing the work in this area, so while they may make breakthroughs, it's almost certain that those breakthroughs will also be made outside their facilities. (since there are many more people working outside the NSA than inside it) Therefore, it's not likely that they're very far ahead of the known state of the art. If you can make a guess as to how long it would take from the known state of the art to factoring your RSA key, if some breakthrough were made today, you have a good idea of how far ahead of the rest of the world the NSA would have to be, at a minimum, to be breaking secure encryption. I'm thinking that number is several years at least, and I don't think the NSA is several years ahead of the rest of the world.
Was This Post Helpful? 0
