There is no good excuse, IMHO, but we also haven't done a good enough job drawing attention to how to do it properly in a way that's easy for non-cryptographers to understand. Too many developers think "cryptographic hash function" means "safe [as-is] for password authentication."
On Mon, Nov 19, 2012 at 8:19 AM, Jeffrey Walton <[email protected]> wrote: > An Adobe break in does not surprise me. > > Has anyone come across a paper on how to migrate an existing database > with, for example, unsalted MD5 hashes, to something more appropriate > for 2012? Naively, I don't see why MD5(password) cannot be an input to > an improved system. That is, MD5(password) is just a pre-processing > step to a system built with cryptographic legos. > > I'm trying to figure out why folks like Adobe (who know better and > have the resources) are still using unsalted MD5. I suspect the answer > has something to do with "its cost effective to be grossly negligent," > but I want to give offenders the benefit of the doubt. > > Jeff > > > http://www.h-online.com/security/news/item/Adobe-confirms-customer-data-breach-Update-1750344.html > ... > Update 15-11-12 14:55: According to security firm Sophos, the > passwords were stored as unsalted MD5 hashes, which can easily be > cracked quickly using modern CPU and GPU hardware. If the database > extract turns out to be genuine, Adobe should have invested a little > more effort in protecting the passwords of its users. > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
