
Thursday, June 7, 2012

MD5 password scrambler 'no longer safe' | ZDNet

MD5 password scrambler 'no longer safe'

By | June 7, 2012, 6:01am PDT

Summary: The MD5 password hash algorithm is “no longer considered safe” by the original software developer, a day after the leak of more than 6.4 million hashed LinkedIn passwords.

The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and “no longer considered safe” to use on commercial websites.

This comes only a day after a data breach led to 6.46 million LinkedIn hashed passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been decrypted, either through brute force or through lookups.

The primary cause is LinkedIn’s failure to properly ‘salt’ the hashed passwords using the SHA-1 algorithm. MD5 is a password hashing algorithm similar to that of SHA-1.

LinkedIn’s Vicente Silveira said on Wednesday the company has increased its security “which includes hashing and salting of our current password databases.” Although the post says this change was made “recently,” it does not indicate whether the change was applied last month, this week, or yesterday.

Danish developer Poul-Henning Kamp, who developed the widely used MD5 password scrambler, said that limitations to his software and a corresponding increase in computing power since its initial release have rendered his algorithm obsolete.

“I implore everybody to migrate to a stronger password scrambler without undue delay,” he wrote in a blog post.


Read More...
http://www.zdnet.com/blog/security/md5-password-scrambler-no-longer-safe/12317?tag=nl.e036

Man! And this is just one of the Security Risk Stories out Today! :O Check out the links below for more, along with some better news and info...

Don


News 06-07-12
Linux Today - The Perfect Desktop - Fedora 17
The Perfect Desktop - Fedora 17 | HowtoForge - Linux Howtos and Tutorials
Simplest of SL4A microbridge examples - Hack a Day
Getting your stuff built: how to shop, conduct business, stay alive, and eat your way through Shenzhen - Hack a Day
Putting every chiptune ever in an FPGA - Hack a Day
Firefox Extension of the Week (Click less, Know more!)
Childhood CT Scans Raise Cancer Risk
How to Be Honest when She Asks if an Outfit Makes Her Look Fat
How to Make a Bailey's Cheesecake: 10 steps (with pictures)
HowStuffWorks "5 Common Auto Insurance Scams (And How to Avoid Them)"
HowStuffWorks Videos "Astronauts and Apollo 13"
China Cuts Lending Rate as Its Economic Growth Slows - NYTimes.com
No Hints From Bernanke of New Stimulus - NYTimes.com
Where is my *%$#! virtual reality display? - Hack a Day
E3 2012: John Carmack Interview - YouTube
LinkedIn's security issue reveals obvious: Passwords, users always a weak link | ZDNet
Fake Gmail Android application steals personal data | ZDNet
MD5 password scrambler 'no longer safe' | ZDNet
R.I.P. Ray Bradbury - The man who dreamed the future | TechRepublic
Facebook begins notifying DNSChanger victims | ZDNet
Microsoft's reaction to Flame shows seriousness of 'Holy Grail' hack - Computerworld
Microsoft Update and The Nightmare Scenario - F-Secure Weblog : News from the Lab
DNS Changer Check-Up - Clean
FBI — International Cyber Ring That Infected Millions of Computers Dismantled
