MD5crypt Password Scrambler Is No Longer Considered Safe


    As reported here recently, millions of LinkedIn password hashes have been leaked online. An anonymous reader writes “Now, Poul-Henning Kamp, a developer known for work on various projects and the author of the md5crypt password scrambler, asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: ‘New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES-based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD users can migrate to SHA-512 hashing algorithms.'” Reader Curseyoukhan was one of several to also point out that dating site eHarmony got the same treatment as LinkedIn.


    Read more of this story at Slashdot.
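
A migration starts with knowing which accounts still carry md5crypt hashes. The following is an added example, not code from the blog post or from Slashdot: it classifies the hash field of shadow-format entries by its crypt(3) prefix and reports entries using md5crypt or DES-based crypt. The prefix table, the function names and the sample entries are assumptions of this example; the sample hashes are constructed placeholders.

```python
# Added example: find md5crypt / DES-crypt entries in shadow(5)-format text.
# Prefix table follows the common crypt(3) "$id$" convention (assumed, not from the page).
SCHEMES = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "y": "yescrypt",
}
WEAK = {"md5crypt", "des-crypt"}

# Constructed sample entries; salts and hashes are placeholders, not real values.
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
alice:$1$CONSTRUC$CONSTRUCTEDHASHVALUE00:15000:0:99999:7:::
bob:!$1$CONSTRUC$CONSTRUCTEDHASHVALUE00:15000:0:99999:7:::
carol:abCONSTRUCTED:12000:0:99999:7:::
daemon:*:15000:0:99999:7:::
"""

def classify(field):
    """Return (scheme, locked) for the password field of one entry."""
    locked = False
    # A locked account keeps its old hash behind a lock prefix, so strip it first.
    for prefix in ("*LOCKED*", "!!", "!"):
        if field.startswith(prefix):
            field, locked = field[len(prefix):], True
            break
    if field in ("", "*"):
        return ("no-hash", locked)
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        return (SCHEMES.get(ident, "unknown"), locked)
    # Traditional DES crypt has no "$" prefix and is exactly 13 characters.
    return ("des-crypt" if len(field) == 13 else "unknown", locked)

def audit(text):
    """Return [(user, scheme, locked)] for entries stored with a weak scheme."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or line.startswith("#"):
            continue
        scheme, locked = classify(fields[1])
        if scheme in WEAK:
            findings.append((fields[0], scheme, locked))
    return findings

if __name__ == "__main__":
    for user, scheme, locked in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}{' (locked)' if locked else ''}")
```

Changing the system's default scheme does not rewrite existing entries: each account keeps its old hash until its password is next set, so the flagged accounts need a password change after the default is switched.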
