MD5 password hashes are dead
09 September, 2011 16:26
MD5 hashes, still a common method for securing login passwords, are no longer an adequate defence against hackers, according to Kaspersky Lab analyst Evgeny (Eugene) Aseev.
Aseev, who heads the company's China Anti-Virus Lab, dismissed MD5 hashes in a throw-away comment during an otherwise routine presentation in Kuala Lumpur yesterday on recent high-profile hacking incidents. He later confirmed his assessment to CSO Online.
"MD5 is not really enough now," Aseev said. Asked whether rainbow tables had won the battle against MD5, he agreed.
Rainbow tables had been used to crack passwords in the attack on HBGary Federal by Anonymous earlier this year.
MD5 is a cryptographic hash function that takes a plain text input, such as a password, and returns a seemingly-random 16-byte number, called a "hash value". Authentication systems store the hash value rather than the original password. When a user logs in, the password they enter is processed through MD5 and compared with the hash value on file, allowing access if there's a match.
It is computationally difficult to work backwards and produce the original password from the hash value. In theory this means that it wouldn't matter if an attacker gained access to the stored password hashes.
However, hackers now pre-compute the hash values for all possible passwords within a certain range using thousands of networked computers, storing them in multi-gigabyte databases called rainbow tables.
Rainbow tables are readily available online, containing the MD5 hash values for all possible passwords up to eight characters long, provided they consist of nothing but letters in upper and lower case, digits and spaces, and all passwords up to ten characters long if they are nothing but lower-case letters.
In the HBGary incident, both chief executive officer Aaron Barr and chief operating officer Ted Vera had been using passwords consisting of only six letters and two numbers -- and the problem was compounded when they used the same passwords for both their Google accounts and HBGary's internal systems.
"Lots of fails in this story," Aseev said.
Cryptographers have also been warning against potential weaknesses in the MD5 algorithm since the middle of the last decade. MD5 "should be considered cryptographically broken and unsuitable for further use", wrote US-CERT in 2008. Nevertheless, MD5 hashes are still widely used in web applications.
Rainbow tables can be defeated by using much longer passwords, or passwords with added salt -- random bits added automatically to the user's password to extend its length -- although presumably these techniques will eventually be rendered useless by ever-larger rainbow tables.
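The effect of precomputation and of salt can be seen on a toy scale in the following added example, which is not part of the original article. It uses a plain hash-to-password lookup table in place of a real rainbow table (which stores the same precomputation more compactly as hash chains), and the function names, the three-letter keyspace and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import itertools
import os
import string

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_table(alphabet: str, max_len: int) -> dict:
    """Precompute MD5 -> password for every candidate up to max_len characters."""
    table = {}
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            pw = "".join(combo)
            table[md5_hex(pw.encode())] = pw
    return table

def store_unsalted(password: str) -> str:
    # What the article describes: only the hash of the password is kept on file.
    return md5_hex(password.encode())

def store_salted(password: str, salt: bytes = None):
    # A fresh random salt per account is stored next to the hash.
    salt = os.urandom(16) if salt is None else salt
    return salt, md5_hex(salt + password.encode())

def verify_salted(password: str, salt: bytes, stored: str) -> bool:
    # Login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(md5_hex(salt + password.encode()), stored)

def demo() -> dict:
    # Constructed keyspace: lower-case strings of 1 to 3 letters (18,278 entries).
    table = build_table(string.ascii_lowercase, 3)
    alice, bob = store_unsalted("abc"), store_unsalted("abc")
    salt_a, alice_s = store_salted("abc")
    salt_b, bob_s = store_salted("abc")
    return {
        "table_size": len(table),
        "unsalted_recovered": table.get(alice),  # one lookup reveals the password
        "unsalted_equal": alice == bob,          # same password, same hash
        "salted_recovered": table.get(alice_s),  # the same table no longer matches
        "salted_equal": alice_s == bob_s,        # same password, different hashes
        "salted_login_ok": verify_salted("abc", salt_a, alice_s),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a 16-byte random salt, a table built for unsalted hashes is of no use, and a table would have to be built separately for each account's salt.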
Aseev recommends using two-factor authentication, such as systems that require a separate hardware token or smartcard. He also recommends that users be forced to create complex passwords, and educated against reusing passwords or falling for social engineering tricks.
Stilgherrian travelled to Kuala Lumpur as a guest of Kaspersky Lab.