this post was submitted on 08 May 2026
166 points (95.6% liked)

Cybersecurity

9943 readers
26 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
166
60% of MD5 password hashes are crackable in under an hour (www.theregister.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
41 comments fedilink hide all child comments
top 41 comments
sorted by: hot top controversial new old
[–] Jesus_666@lemmy.world 81 points 2 days ago* (last edited 2 days ago) (2 children)

So Kaspersky found out that MD5 passwords are unsafe. That's literally 20 year old news. Actually, Kaspersky found out that brute-forcing MD5 on consumer-grade hardware has become slightly faster than two years ago, which makes me wonder if Captain Obvious's secret identity is that of a Kaspersky cybersecurity expert.

El Reg concludes from this that we should ditch passwords, which they back up with the opinion of a second expert. This expert immediately tells them they're wrong, that passwords are perfectly fine if used with MFA, and that a lack of public knowledge about basic cybersecurity is the real issue. They somehow treat this as him agreeing with them.

Actual technological alternatives to traditional password use (such as passkeys or password managers with per-site passwords) are mentioned only as an aside or not at all. It never occurred to El Reg or Kaspersky to mention that MD5 has been considered obsolete since the days of Internet Explorer 7 and that more secure hashes like bcrypt have been around since the late 90s. For that matter, the Kaspersky source talks about rainbow tables without using the word "salt" even once.

Finally they conclude with a call to action to "improve that user security stack", arguing that passwords are inherently unsafe due to their "complex requirements and hashed storage". That's so deep into la-la land that I'm not even sure what it is they're trying to say or who they're even talking to.

That's an amazingly badly written article.

What impresses me the most is that the Kaspersky article they're talking about is just as asinine as El Reg's confused stammering. The most sense I can make out of it is that they're making a bad faith argument ("we can brute-force MD5'd passwords with a 5090 so you should use MFA") because they're trying to get nontechnical people to do the right thing and hope they can scare them into compliance if they bullshit hard enough.

Edit: I just noticed how often Kaspersky's article refers to the own password manager they sell. So their bad faith argument is really just in service of an ad that happens to contain some decent security advice.

[–] gens@programming.dev 8 points 2 days ago

Hashcat. Talking about md5 as security is...

[–] excral@feddit.org 1 points 2 days ago (1 children)

I think the specific hash algorithm used doesn't matter much, except that MD5 is quite fast to calculate. A modern hash algorithm would buy some time by being more expensive computationally, but wouldn't change much otherwise. From how I understand the article, they effectively did a sophisticated dictionary attack on the passwords in the database, not brute force attacks on individual hashes. Probably starting with all the known common passwords and then continuing with some generator based on common password patterns. Otherwise I couldn't explain how they cracked 48% of the passwords in under 60 seconds and needed the remainder of an hour for just another 12%.

Regardless, that's no excuse for still using MD5 hashes today. The problem is that a sizeable chunk of IT professionals have no fucking clue what they're doing. They might have heard that storing passwords as plain text is a bad idea, so they use the first hash algorithm they come across which happens to be MD5, unsalted of course. Unittests pass, everyone's happy, software gets shipped, black hats are happy.

[–] Jesus_666@lemmy.world 14 points 2 days ago (1 children)

The difference in speed between MD5 and something like bcrypt or Argon2 is massive. We're talking orders of magnitude. That adds a layer of security – if hashing takes e.g. 1000 times longer than with md5, the 20 minutes to crack the least secure passwords suddenly turns into 14 days. Still not astronomical but a lot slower. The more secure algorithms also require more memory to run, leading to less effective parallelization.

Besides, MD5 is prone to collisions, which reduce the number of attacks needed. The attacker doesn't need the real password, just one that hashes to the correct value.

While they did do a more sophisticated dictionary attack, they also talk about rainbow tables, which only work if the hashes are unsalted. A more modern approach with salted passwords is immune to rainbow table attacks. An actually modern approach with salted and peppered Argon2 hashes makes the kind of offline attack Kaspersky did unfeasible in the first place.

For some reason Kaspersky never bothered to point this out. I'd expect a reputable cybersecurity company like them to at least include one line that urges developers to make use of a modern approach and gives pointers as to what that might be. But I suppose "we recommend passwords to be salted, peppered, and hashed with Argon2i or Argon2id with a sufficiently high work factor" wouldn't fit their narrative.

(I also just noticed that the advice part of Kaspersky's article is littered with references to the password manager they sell. Yep, it's an underhanded ad that just happens to contain some good security advice.)

[–] phoenixz@lemmy.ca -2 points 1 day ago (2 children)

to crack

Eh, sorry, but you cannot crack hashes. At best you can come up with a strong that generates the same hash, but finding the exact original value won't happen, that's not how hashes work, that is not how anything works.

Each hash output value in principle can have an infinity of different inouts that lead to that output. Because of that, hashes are a one way street

Having said that, are you telling me that a properly salted hash using a modern algorithm like argon2id, or just even plain sha256, can be "cracked" in 14 days? I'm going to go ahead and say "no"

[–] Windex007@lemmy.world 6 points 1 day ago* (last edited 1 day ago)

If you can generate an input which satisfies an md5 comparison which results in being able to authenticate with a system, then I think debating if that is a "crack" or not is purely semantic.

Although you are for sure technically right, I think any actually observed md5 collisions are with very large inputs, many orders of magnitudes longer than a password. The smallest input (first found, almost certainly) is almost certainly what the original password was.

[–] Jesus_666@lemmy.world 1 points 1 day ago

In my comment, '"cracking" referred to finding a password that matches the hash. That's common nomenclature. The found password doesn't have to be the original password but it's rather likely at the string lengths involved, especially since Kaspersky used a dictionary to back the attack.

Also, you wouldn't use a hashing function where a large number of inputs of a usual password length turn into the same hash. That would just make all passwords weaker. The point of hashing a password is to store something that (ideally) uniquely matches the correct password but can't be used to easily derive the password.

The factor of 1000 I gave was a very rough ballpark number. I couldn't find any good comparison between the actual throughput of MD5 and bcrypt or Argon2. And yes, a single round of SHA256 would be cracked quickly; it's much less work-intensive than Argon2 and even has dedicated hardware acceleration in modern CPUs. Argon2 with a high work factor is vastly more resistant than MD5 and SHA256.

Also, salting doesn't protect against brute force and enhanced dictionary attacks. The salt is stored with the password so the attacker knows it. It only protects against rainbow tables. Pepper protects against offline cracking.

[–] nimpnin@sopuli.xyz 85 points 2 days ago (3 children)

Passwords should be paired with a second factor, preferably biometric, said Gunner, because it’s the most difficult for hackers to bypass.

I think this is a pretty naive risk analysis. Hackers cracking my lemmy password is the least of my concerns. Having my biometric data leaked is one of my highest ones.

[–] Jesus_666@lemmy.world 31 points 2 days ago (1 children)

I think Gunner means a biometrically unlocked second factor like a Yubikey or a smartphone's user attestation. Given how badly written the entire article is, I wouldn't be confused if that's what he originally said before they condensed his statement beyond comprehension.

[–] tgxn@lemmy.tgxn.net 7 points 2 days ago (1 children)

Yubikeys are still not biometric unless you're buying the super-super expensive one. They are just very secure MFA. (in that it's extremely hard to read the secrets from them even with physical access)

[–] fascicle@leminal.space 2 points 2 days ago (2 children)

Don't they just spit out the long password when you press them, I'd figure it would be easy to just plug it into your phone and copy the output if you had physical access

[–] med@sh.itjust.works 2 points 1 day ago

It's OTP. Once a code has been seen, all the previous ones no longer work. There's no point in copying.

There's a second slot that can be used for static passwords. But don't, obviously.

[–] tgxn@lemmy.tgxn.net 4 points 1 day ago

That is but one method of Yubikey. They also support cryptographic passkeys and can store TOTP secrets as well as PGP crypto keys.

The "touch key random key" is a OTP code that can be used for legacy software, Passkey and/or other functions are more valuable to me. Can read more about OTP security here.

[–] Natanael@slrpnk.net 16 points 2 days ago

Biometric is the worst lmao

Passkeys or hardware based security keys is where it's at

[–] UndercoverUlrikHD@programming.dev 5 points 2 days ago (2 children)

Wouldn't biometric data be sensor/implementation specific. I doubt the fingerprint data stored on an iPhone is the same as the one stored on an Xperia.

[–] unexposedhazard@discuss.tchncs.de 8 points 2 days ago (3 children)

Your fingerprint is your fingerprint. If its possible to extract the raw data, then that can be reconstructed into your fingerprint...

[–] BorgDrone@feddit.nl 1 points 1 day ago

Fingerprint readers don’t store a raw copy of your fingerprint, to use a bad analogy: it’s like a biometric hash.

[–] thisbenzingring@lemmy.today 4 points 2 days ago (2 children)

in the early 2000s when fingerprint readers started getting popular, my coworker and I decided to test them...

super glue fumes, printer toner and scotch tape. that's all that was ever needed to bypass the reader once you could isolate a good spot where someones finger left a good mark. like from drinking glass or a door knob

I'm not sure if I'd ever trust a fingerprint to fully be a secure passkey

[–] tgxn@lemmy.tgxn.net 5 points 2 days ago* (last edited 2 days ago)

I would not trust it as a single factor, but 2FA should always be something you have+something you know, biometeics is more of a "something you ARE", which is unchangeable.

[–] binarytobis@lemmy.world 2 points 1 day ago

Also I hear you can be compelled by the police to unlock biometric locks.

[–] kn33@lemmy.world 1 points 1 day ago

That's the thing - it's not possible. The fingerprint is only ever stored within the fingerprint module, with no method for retrieval. The only thing the phone sees is "did this person scan a matching fingerprint or not?"

[–] nimpnin@sopuli.xyz 3 points 2 days ago (1 children)

I don't think that means it cannot be leaked

[–] UndercoverUlrikHD@programming.dev 0 points 2 days ago (1 children)

Yeah, but what would you do with it? Can you convert the bytes to work on any other sensor the victim may also use their fingerprint? Never looked into the real implementation details of the fingerprint hardware.

[–] Natanael@slrpnk.net 1 points 1 day ago

Sometimes you can. Or just bruteforce a colliding pattern that matches to print that instead, because why not

[–] sik0fewl@piefed.ca 33 points 1 day ago (1 children)

A simple workaround is to just use one of the other 40%.

[–] Agent641@lemmy.world 17 points 1 day ago (1 children)

A full list of these harder passwords can be found here:

[–] akwd169@sh.itjust.works 2 points 1 day ago

Links not workong 4 me

[–] MoonMelon@lemmy.ml 18 points 2 days ago (2 children)

I mean, yeah. MD5 blows for this. It's not like programs recommend you keep an MD5 hash of people's passwords on disk or in environment variables, right Perforce?

[–] Dultas@lemmy.world 6 points 2 days ago

Yeah using MD5 at this point is really indefensible and has been for years.

[–] tgxn@lemmy.tgxn.net 5 points 2 days ago

Yeah, unsalted MD5 has been crackable easily for at least 20 years now. 🤣

[–] DocMcStuffin@lemmy.world 13 points 2 days ago (1 children)

Wow this article is kinda shit. MD5 was on the chopping block for password hashing over 20 years ago. It's so seriously broken that if someone is using it they deserve to get bludgeoned to death with a Model M keyboard. We have purpose built solutions just for password hashing.

The only thing the ~~fine~~ bad article sorta got right was two factor. I say kinda because biometrics (something you are) isn't that great of a second factor. Mainly because you can't change it. Also, it's a fuzzy match rather than a hard match. It can be acceptable to use locally and where all the information stays locally AND there is sufficient hardware based security where said biometrics isn't going to get off the device.

Finally, there was no mention of any kind of physical token based factor (something you have). Which pairs well with password, passphrase, or any other "something you know" factor.

[–] Agent641@lemmy.world 3 points 1 day ago (1 children)

I still used MD5 hashing in the apps I work on.

Just not for passwords.

[–] brotundspiele@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago)

If you need hashing for non-security applications, that's fine, but I'd still suggest SHA-1 or -25 or even just CRC instead, as that's something modern (as in less than 15 years old) CPUs can usually do directly in Hardware.

[–] pulsewidth@lemmy.world 13 points 2 days ago

The amount of websites I'm forced to create accounts on for various mandatory crap that insist on a short password (12-16 characters seems common) is embarrassing, and causing a large part of this issue.

[–] Not_mikey@lemmy.dbzer0.com 4 points 1 day ago (1 children)

Were the hashes salted?

[–] khannie@lemmy.world 3 points 1 day ago* (last edited 1 day ago)

I'm not sure it matters. If not it's rainbow table time but they did use a very high end graphics card to test so it's functionally equivalent to salting (except for the tiny extra compute to concatenate the strings before hashing).

I feel like it was just a marketing exercise to show how shit MD5 is.

[–] vrek@programming.dev 8 points 2 days ago

Hasn't md5 been cracked for like 2 decades? Now if they could Crack like aes-256 in under an hour this would be a different conversation.

[–] raspberriesareyummy@lemmy.world 5 points 1 day ago

An hour? Wtf? I swear that 5+years ago I saw a tool that would trivially modify any file by appending MD5-sum-length bytes to match any desired MD5, within a fraction of a second.

[–] menas@lemmy.wtf 8 points 2 days ago

A private security company ask people to give valuable biometric data. No reason to trust what they said, furthermore without step to reproduce.

However from this article :

The professor noted that, in many cases, users aren’t told how to create a good modern password, and in other cases, sites simply don’t enforce adequate password requirements to make passwords secure, to the degree that they can be made so.

Maybe a shall do more crypto-party instead of send our passwords online, giving our phone numbers or biometrics.

[–] kbal@fedia.io 7 points 2 days ago (1 children)

In the past, I was a user of bad passwords. Anything I didn't care about I'd just pick an easy one. Probably 60% of the passwords I created, I did not care at all about and would've been perfectly okay with someone cracking them if they'd wanted to.

I have since changed my ways and use good passwords now. I want nothing to do with biometric data collection and hope that it never becomes normal. Everyone without some kind of brain problems that prevent it should create and remember one good password — the one for their password manager.

[–] Jesus_666@lemmy.world 4 points 2 days ago

I'd use at least one more: The one that unlocks your device shouldn't be the one that unlocks your password manager. Other than that, yes. Use a password manager, let it generate per-service passwords for you, and make sure you have a backup plan.

For example, I use a KeePass database shared across my devices via a self-hosted NextCloud. Each of my devices plus the server effectively holds a backup copy so I'd have to lose all of my devices plus the server before my password database becomes inaccessible. Since the server lives in a datacenter it also serves as a remote backup.

If your password manager is SaaS, you might want to investigate how to protect yourself from scenarios like the service being down or you losing access to the account.