[WEB SECURITY] XKCD on password reuse
Tim
tim-security at sentinelchicken.org
Fri Sep 17 11:41:58 EDT 2010
> "US-CERT of the U. S. Department of Homeland Security said MD5 'should
> be considered cryptographically broken and unsuitable for further use'
> and most U.S. government applications will be required to move to the
> SHA-2 family of hash functions after 2010"
>
> Ok, so maybe your md5 advice is good - but only for a few more months. ;)
Cryptographic hash algorithms have three primary attack vectors,
each of which applies to completely different scenarios:
1. Preimage attack
2. Second preimage attack
3. Collision attack
Do you understand the difference between these?
MD5 has been broken for #3 and probably #2 (IIRC). #1 is a very
different beast and AFAIK, there's no evidence that it has been
broken. All of the hoopla up until now has been about the data
integrity protections that MD5 no longer provides. When we hash
passwords, we're not worried about it providing data integrity.
Switching from MD5 to something stronger does help a little, but only
because it takes longer to compute SHA*, not because the algorithms
are any harder to reverse from a cryptographic standpoint.
All I'm saying is that if you put your energy into getting people to
change their hash storage format, be sure to emphasize that adding big
random salts is the most important thing to get right.
tim
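The point Tim makes about salts, shown as an added example (not code from the post or from the list): with an unsalted hash, every user who picks the same password gets the same digest, so one precomputed table of digests answers the question for all of them at once, regardless of whether the function is MD5 or SHA-256. A per-user random salt prefixed to the password makes each stored value unique, so a precomputed table is useless and the stored value can only be checked one guess at a time. The storage format `sha256$<salt_hex>$<digest_hex>` and the function names are my own choices; the example uses a single SHA-256 pass to stay close to the discussion rather than a deliberately slow key-derivation function. All inputs are constructed.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # 128-bit random salt per stored password (assumed size)


def hash_password(password, salt=None):
    """Return 'sha256$<salt_hex>$<digest_hex>'.

    A fresh random salt is drawn for every call unless one is supplied
    (supplying one is only useful for deterministic tests).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return "sha256$%s$%s" % (salt.hex(), digest)


def verify_password(password, stored):
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "sha256":
        return False
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.sha256(salt + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, digest_hex)


def unsalted_digest(password, algo="md5"):
    """The weak scheme under discussion: hash(password) with no salt."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


def precomputed_table(words, algo="md5"):
    """Map digest -> word for a small constructed word list.

    This is the one-time work that an unsalted scheme lets an attacker reuse
    against every account; it is shown here only to make the risk concrete.
    """
    return {unsalted_digest(w, algo): w for w in words}


def table_lookup(table, stored_value):
    """Return the matching word if the stored value is in the table, else None."""
    return table.get(stored_value)


# Constructed demonstration data (not real credentials or real users).
WORD_LIST = ["password", "letmein", "correcthorse", "qwerty"]


def demo():
    table = precomputed_table(WORD_LIST)          # built once, reused forever
    unsalted = unsalted_digest("letmein")         # same for every such user
    salted = hash_password("letmein")             # different for every user
    return {
        "unsalted_found": table_lookup(table, unsalted),
        "salted_found": table_lookup(table, salted),
        "verify_ok": verify_password("letmein", salted),
        "verify_bad": verify_password("letmein1", salted),
    }


if __name__ == "__main__":
    print(demo())
```

Changing `"md5"` to `"sha256"` in `unsalted_digest` and `precomputed_table` changes nothing about the outcome: the table still finds the unsalted value, which is why the post treats the salt, not the choice of hash function, as the thing to get right.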