MD5 password scrambler 'no longer safe'
Summary: The MD5 password hash algorithm is “no longer considered safe” by the original software developer, a day after the leak of more than 6.4 million hashed LinkedIn passwords.
The original author of the MD5 password hash algorithm has publicly declared his software end-of-life and “no longer considered safe” to use on commercial websites.
This comes only a day after a data breach led to 6.46 million LinkedIn hashed passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been decrypted, either through brute force or through lookups.
The primary cause is LinkedIn’s failure to properly ‘salt’ the hashed passwords using the SHA-1 algorithm. MD5 is a password hashing algorithm similar to that of SHA-1.
LinkedIn’s Vicente Silveira said on Wednesday the company has increased its security “which includes hashing and salting of our current password databases.” Although the post says this change was made “recently,” it does not indicate whether the change was applied last month, this week, or yesterday.
Danish developer Poul-Henning Kamp, who developed the widely used MD5 password scrambler, said that limitations to his software and a corresponding increase in computing power since its initial release have rendered his algorithm obsolete.
“I implore everybody to migrate to a stronger password scrambler without undue delay,” he wrote in a blog post.
Read More...
http://www.zdnet.com/blog/security/md5-password-scrambler-no-longer-safe/12317?tag=nl.e036
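Why the missing salt matters for stored passwords, as an added example that is not part of the quoted article: with an unsalted fast hash, identical passwords produce identical records, so one lookup answers for every account that shares a digest, while a per-user salt with an iterated KDF does not. The account names, passwords, iteration count and the choice of PBKDF2-HMAC-SHA256 are assumptions made for this sketch; the article does not name a replacement scheme.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from any leak); two users share a password.
ACCOUNTS = {"alice": "correct horse", "bob": "correct horse", "carol": "Tr0ub4dor&3"}
ITERATIONS = 100_000  # assumed work factor for this demo; tune for your hardware

def unsalted_sha1(password: str) -> str:
    """Unsalted fast hash: the same password always maps to the same digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Per-user random salt plus an iterated KDF, stored in one self-describing string."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(dk, expected)

def shared_digest_groups(table: dict) -> list:
    """Audit check: list groups of users whose stored values are identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_tables(accounts: dict = ACCOUNTS):
    """Hash the same accounts both ways so the two tables can be compared."""
    unsalted = {u: unsalted_sha1(p) for u, p in accounts.items()}
    salted = {u: hash_password(p) for u, p in accounts.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted collisions:", shared_digest_groups(unsalted))
    print("salted collisions:  ", shared_digest_groups(salted))
    print("login check:", verify_password("correct horse", salted["alice"]))
```

Running `shared_digest_groups` over an existing credential table is a quick audit: any non-empty result means the stored values are unsalted or share a salt.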
Man! And this is just one of the Security Risk Stories out today! :O Check out the links below for more, along with some better news and info...
Don
- News 06-07-12
- Linux Today - The Perfect Desktop - Fedora 17
- The Perfect Desktop - Fedora 17 | HowtoForge - Linux Howtos and Tutorials
- Simplest of SL4A microbridge examples - Hack a Day
- Getting your stuff built: how to shop, conduct business, stay alive, and eat your way through Shenzhen - Hack a Day
- Putting every chiptune ever in an FPGA - Hack a Day
- Firefox Extension of the Week (Click less, Know more!)
- Childhood CT Scans Raise Cancer Risk
- How to Be Honest when She Asks if an Outfit Makes Her Look Fat
- How to Make a Bailey's Cheesecake: 10 steps (with pictures)
- HowStuffWorks "5 Common Auto Insurance Scams (And How to Avoid Them)"
- HowStuffWorks Videos "Astronauts and Apollo 13"
- China Cuts Lending Rate as Its Economic Growth Slows - NYTimes.com
- No Hints From Bernanke of New Stimulus - NYTimes.com
- Where is my *%$#! virtual reality display? - Hack a Day
- E3 2012: John Carmack Interview - YouTube
- LinkedIn's security issue reveals obvious: Passwords, users always a weak link | ZDNet
- Fake Gmail Android application steals personal data | ZDNet
- MD5 password scrambler 'no longer safe' | ZDNet
- R.I.P. Ray Bradbury - The man who dreamed the future | TechRepublic
- Facebook begins notifying DNSChanger victims | ZDNet
- Microsoft's reaction to Flame shows seriousness of 'Holy Grail' hack - Computerworld
- Microsoft Update and The Nightmare Scenario - F-Secure Weblog : News from the Lab
- DNS Changer Check-Up - Clean
- FBI — International Cyber Ring That Infected Millions of Computers Dismantled