A Bad Week for Passwords, and One Way to Make It Better

June 7, 2012  |  All Things Digital

Passwords are having a very bad week. First came word that more than 6 million passwords belonging to LinkedIn users were compromised in an attack. Today, the social music service Last.fm confirmed its password files have been compromised. Dating site eHarmony suffered another breach of its password files.

There aren’t many technical details about how the breaches were carried out. LinkedIn has confirmed the breach but has offered no details on what happened.

The fundamental problem is simple: Passwords have to be stored somewhere in order for them to be useful. They’re usually stored in a scrambled form using a mathematical function called a “hash” to make them difficult to obtain. One hash algorithm that has been in use for almost two decades is called MD5, and you can see it in action here. When I type in the phrase “the rain in spain falls mainly on the plain,” I get back the string of text: 262aac1a988ef3be5b01d1a565cc5acb.

The problem with hash codes is that with the increase in computing power, it’s increasingly easy to take that long string of letters and numbers and convert it back into text. If you like, you can cut and paste the string above and plug it into this free MD5 hash-cracking site and see what I mean (make sure you don’t include the period). You should get the original text as your result.

As hash algorithms go, MD5 is pretty old. It dates to about 1995, and as such has been declared “no longer safe” by its creator. Other stronger hash algorithms have emerged. One called SHA-1, created by the National Security Agency, takes my phrase from the MD5 example and returns this longer, presumably harder-to-break string: 9a73724fb8bcb23447453be5a02c48bad5be02bf. No such luck
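The storage scheme described above, as an added example that is not part of the original article: it shows why a precomputed table reverses unsalted MD5 and SHA-1 equally well, and how a per-user salt with a slow key-derivation function removes that shortcut. The function names, the candidate list and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PHRASE = "the rain in spain falls mainly on the plain"  # phrase quoted in the article

def fast_hash(password, algo="md5"):
    """Unsalted hex digest: the same input always gives the same output."""
    return hashlib.new(algo, password.encode()).hexdigest()

def build_lookup(candidates, algo="md5"):
    """Digest -> plaintext table, computed once and reusable against any unsalted store."""
    return {fast_hash(c, algo): c for c in candidates}

def store_salted(password, iterations=200_000):
    """Assumed mitigation: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, derived)

def demo():
    candidates = ["password", "letmein", PHRASE]  # constructed sample list
    results = {}
    # A longer digest (SHA-1) is no harder to look up than MD5 when unsalted.
    for algo in ("md5", "sha1"):
        stored = fast_hash(PHRASE, algo)
        results[algo] = build_lookup(candidates, algo).get(stored)
    # Two users with the same password get unrelated records, so no single
    # precomputed table covers both; each guess must be redone per salt.
    user_a = store_salted(PHRASE)
    user_b = store_salted(PHRASE)
    results["same_record"] = user_a[2] == user_b[2]
    results["verify_ok"] = verify_salted(PHRASE, user_a)
    results["verify_wrong"] = verify_salted("wrong guess", user_a)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```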
