MD5 is NOT enough!

Published 26 November 07 08:36 PM | adrian

Yes, you heard that right. One-way hashing of passwords is not enough. With Google, you can now search for a hash and find the original string. There are some catches, though:

  • this works for common passwords; strong passwords are unlikely to be common, and so unlikely to be available.
  • this works for passwords that are hashed only. Add some salt and very likely you won't be able to search for the original string either.

For example, a search for "20f1aeb7819d7858684c898d1e98c1bb" will return a lot of results stating that the original string is "Anthony". Very convenient.
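The two catches above, as an added example that is not code from the original post: a precomputed table built from a constructed wordlist stands in for the search-engine index, and the same lookup is tried against a record stored with a per-user salt. It goes a step beyond the post by using PBKDF2-HMAC-SHA256 rather than salted MD5; the wordlist, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed wordlist: stands in for the hash/plaintext pairs already indexed.
COMMON_WORDS = ["password", "123456", "Anthony", "letmein", "qwerty"]
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def md5_hex(text):
    """Unsalted MD5: the same input always yields the same hex digest."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# Built once, reusable against every database of unsalted MD5 hashes.
LOOKUP = {md5_hex(word): word for word in COMMON_WORDS}

def reverse_lookup(stored_hex):
    """Return the plaintext if the stored value is in the table, else None."""
    return LOOKUP.get(stored_hex)

def hash_password(password, salt=None):
    """Return (salt, digest) using a random per-user salt and a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def demo():
    unsalted = md5_hex("Anthony")
    salt_a, rec_a = hash_password("Anthony")   # user A
    _salt_b, rec_b = hash_password("Anthony")  # user B, same password
    return {
        "unsalted_found": reverse_lookup(unsalted),
        "salted_found": reverse_lookup(rec_a.hex()),
        "same_password_same_record": rec_a == rec_b,
        "verifies": verify_password("Anthony", salt_a, rec_a),
        "wrong_rejected": not verify_password("anthony", salt_a, rec_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Because each record carries its own random salt, two users with the same password get different stored values, so a table computed once cannot be reused across accounts.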

# hakimrie said on November 26, 2007 10:59 PM:

MD5 is indeed no longer that secure, and it has been that way for a while: in March 2006 an algorithm was already found for finding collisions in MD5 hash output

check this out:

# hakimrie said on November 27, 2007 02:18 PM:

Since March 2006 an algorithm has indeed been found for finding collisions in MD5 hash output,

check it out: