MD5crypt Password Scrambler Is No Longer Considered Safe 212
As reported here recently, millions of LinkedIn password hashes have been leaked online. An anonymous reader writes "Now, Poul-Henning Kamp a developer known for work on various projects and the author of the md5crypt password scrambler asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: 'New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD user can migrate to SHA-512 hashing algorithms.'" Reader Curseyoukhan was one of several to also point out that dating site eHarmony got the same treatment as LinkedIn. Update: 06/07 20:13 GMT by T : An anonymous reader adds a snippet from Help Net Security, too: "Last.fm has piped up to warn about a leak of their own users' passwords. Users who have logged in to the site were greeted today by a warning asking them to change their password while the site investigates a security problem. Following the offered link to learn more, they landed on another page with another warning."
Re:In other news (Score:5, Funny)
That's why I use rot26. It's twice as strong.
Any 8 character password? (Score:5, Funny)
I have a question: (Score:3, Funny)
LinkedIN needs security professionals... (Score:5, Funny)
If only there were a website where they could connect with other security professionals, exchange ideas and maybe even find people to hire....
Re:I have a question: (Score:3, Funny)
Dammit! (Score:5, Funny)
Who told you my password?
Re:Unsalted hashes are worse. (Score:2, Funny)
That's why people should use Pepper instead of Salt, plus Salt is bad for the heart.