On 13 Jun 2012, at 14:47, Richard Gaskin wrote: > MD5 has been known to be theoretically crackable for some years, and this has > become a reality as noted in recent news: > > MD5 password scrambler 'no longer safe' > > Summary: The MD5 password hash algorithm is “no longer considered > safe” by the original software developer, a day after the leak of > more than 6.4 million hashed LinkedIn passwords.
I've read about this, but I'm still unclear about exactly what the problem is. I understand that MD5 was "cracked" some years ago making it unsuitable for use as a checksum. (Given the original data to which MD5 is applied, it is possible to produce another set of data that will produce the same MD5 checksum.) But this didn't affect MD5's usefulness as a hashing method for passwords. From what I've read, the recent problem is not that MD5 has been cracked, but that it is too fast and therefore allows brute force attacks on lists of hashed passwords, even those that have been salted. My first thought was that applying MD5 twice or more times would perhaps increase its security, but nowhere do I see this suggested as a solution. If anyone can add any information or point out my probable misunderstanding, I'd be very grateful. Cheers Dave _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
