[Chicago-talk] Password strength

Steven Lembark lembark at wrkhors.com
Sun Aug 9 09:02:58 PDT 2015

> So I'm confused about what the issue would be with using MD5s if my
> recommendations are taken together. Any insight?

The collision domain of MD5 hashes is not large enough to defeat
the computer resources available to generate collisions.

The original /etc/passwd scheme of salt+hash worked in the days of
full-height 5MB drives because storing enough strings to defeat
it would have passed the Chandrasekhar limit. Today I can get enough
4TiB+ drives to store the space; or generate colliding hash chains
quickly enough to find collisions in "reasonable" times.

MD5 password hashes were a workable answer at the time they were
first invented but are now in the same bucket as salt+checksum:
the hardware available to compute, store, and index collision
chains is readily accessible. At that point MD5's collision domain
is not large enough to defeat someone.

The approach of requiring "better" passwords solves issues with 
brute-force generation of dictionary strings but does nothing to solve 
hash collision issues, which are simply a function of the MD5 digest 
size, not the input domain of the passwords.  The only real fix for 
this is using an ever-larger digest in order to make the domain of 
collisions large enough to avoid pre-computing them. Once that is 
done, forcing longer, more varied passwords is an excellent way to 
improve security; until then it doesn't help all that much.

Steven Lembark                                             3646 Flora Pl
Workhorse Computing                                   St Louis, MO 63110
lembark at wrkhors.com                                      +1 888 359 3508
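The message above contrasts plain MD5 password hashes, the old salt+hash scheme, and the idea that the fix lies in the hashing step rather than in password rules. The following is an added illustration written for this page, not code from the poster or the list: it shows why an unsalted fast digest lets one precomputed table serve every user (two users with the same password get the same stored value), how a per-user salt removes that property, and what a stored record with a deliberately slow, salted KDF (PBKDF2-HMAC-SHA256 from the Python standard library) looks like alongside a constant-time verifier. The sample usernames, passwords and the iteration count are constructed values chosen for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Constructed sample credentials for the demonstration (not real accounts).
SAMPLE_USERS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",   # same password as alice on purpose
    "carol": "hunter2",
}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune so one hash costs ~100 ms
SALT_BYTES = 16


def md5_unsalted(password: str) -> str:
    """Plain MD5 of the password. Identical passwords give identical digests,
    so a single precomputed digest table serves every user and every site."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_salted(password: str, salt: bytes) -> str:
    """MD5 over a per-user random salt plus the password. A table now has to be
    built per salt value, but the digest is still cheap to compute, so
    guessing one user's password remains fast."""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Produce a self-describing record 'pbkdf2_sha256$<iters>$<salt_hex>$<digest_hex>'
    so the parameters can be raised later without losing old records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute from the stored parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def count_shared_digests(hasher: Callable[[str], str]) -> int:
    """Number of sample users whose stored value equals some other user's.
    Under an unsalted hash, password reuse is visible in the table itself."""
    digests = [hasher(pw) for pw in SAMPLE_USERS.values()]
    return sum(1 for d in digests if digests.count(d) > 1)


if __name__ == "__main__":
    print("unsalted MD5, users sharing a digest:", count_shared_digests(md5_unsalted))
    print("salted MD5, users sharing a digest:  ",
          count_shared_digests(lambda pw: md5_salted(pw, os.urandom(SALT_BYTES))))
    rec = pbkdf2_record(SAMPLE_USERS["alice"])
    print("stored record:", rec)
    print("verify correct password:", pbkdf2_verify(SAMPLE_USERS["alice"], rec))
    print("verify wrong password:  ", pbkdf2_verify("wrong", rec))
```

Running the block prints 2 for the unsalted case (alice and bob share a digest) and 0 once each user gets a random salt; the PBKDF2 record carries its own salt and iteration count, which is what lets a site raise the work factor over time.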
