MD5crypt Password Scrambler Is No Longer Considered Safe


As reported here recently, millions of LinkedIn password hashes have been leaked online. An anonymous reader writes “Now, Poul-Henning Kamp a developer known for work on various projects and the author of the md5crypt password scrambler asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: ‘New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD user can migrate to SHA-512 hashing algorithms.'” Reader Curseyoukhan was was one of several to also point out that dating site eHarmony got the same treatment as LinkedIn.


Share on Google+

Read more of this story at Slashdot.

Read this article:
MD5crypt Password Scrambler Is No Longer Considered Safe

Upload Response

Your data will be stored in the mainframe. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.