UPDATE ON: DO NOT USE MD5 OR SHA1 TO SIMPLY HASH DB PASSWORDS

This is an update to: Do not use MD5 or SHA1 to simply hash DB passwords.

The presentation Hash Flooding Reloaded at 29c3 gives a mathematical attack vector (although it is about a DOS, it will show some weaknesses in hashing algorithms).

But more into line with the original post is the advent of dedicated hashing hardware with incredible performance. And for a low low price.

Take a look at Butterfly Lab’s line of ‘Bitcoin miners’. While you can not use these to break passwords (the hashing algorithm is not usable directly here) it is not even a leap of imagination to figure out that one could have the chips modified to run a different hashing algorithm with about the same speed (MD5 even faster, I guess).

What it comes down to is:

If you spend about $150,- you could break any 8 character password (salted or not) hashed with MD5 or SHA1 in roughly 49000 seconds or 13.5 hours.
If you spend about $1300,- you could break the same in about 1 hour
If you spend about $30.000,- you could break the same in 145 seconds. A little over 2.5 minutes. And then you have cracked ALL 8 character passwords in the DB.
How much money do you think a criminal organisation is willing to spend to have passwords+email (which are the pivot for accounts) of people?

So, at this point in time, it basically can be called negligence if you have a service that has customers on it and if you still have not modified your password ‘encryption’ schemes.

I state this loud and clear, since some legal departments may want to think about this when putting in a claim.

Also, the expensive key setups… well, they can be modeled in hardware too, so maybe we should start looking at the two-factor systems…