sanitation@lemmy.today to Privacy@lemmy.dbzer0.com · 2 days ago60% of MD5 password hashes are crackable in under an hourwww.theregister.comexternal-linkmessage-square22linkfedilinkarrow-up174
arrow-up174external-link60% of MD5 password hashes are crackable in under an hourwww.theregister.comsanitation@lemmy.today to Privacy@lemmy.dbzer0.com · 2 days agomessage-square22linkfedilink
minus-squaree0qdk@reddthat.comlinkfedilinkarrow-up15·2 days agoYep, salt. Also, there are much better options than MD5. I used bcrypt in systems I built a while back. There’s also scrypt and argon2, which are newer. (Just be careful that you don’t create a DoS vulnerability while hardening your login system…)
minus-squarekmartburrito@lemmy.worldlinkfedilinkarrow-up10·2 days agoYep, and md5 is only used by many because it’s so fast. Cutting corners for speed’s sake is always going to come with a penalty somewhere.
minus-squaregravitas_deficiency@sh.itjust.workslinkfedilinkEnglisharrow-up3·2 days agoAnd, you know, checksums, which MD5 is honestly great for
minus-squaredoughless@lemmy.worldlinkfedilinkarrow-up2·2 days agoMD5 is vulnerable to collisions, so it’s possible for an attacker to match checksums, too.
minus-squarekingofras@lemmy.worldlinkfedilinkarrow-up3·2 days agoYou sound very salty for someone this knowledgeable.
Yep, salt. Also, there are much better options than MD5. I used bcrypt in systems I built a while back. There’s also scrypt and argon2, which are newer. (Just be careful that you don’t create a DoS vulnerability while hardening your login system…)
Yep, and md5 is only used by many because it’s so fast. Cutting corners for speed’s sake is always going to come with a penalty somewhere.
And, you know, checksums, which MD5 is honestly great for
MD5 is vulnerable to collisions, so it’s possible for an attacker to match checksums, too.
You sound very salty for someone this knowledgeable.