Say bye-bye to the old trusty MD5

It is official: Microsoft is the latest big name to retire the venerable-but-vulnerable MD5 algorithm. Don't worry, you'll still be able to create MD5 checksums for your documents and verify them; what Windows will stop accepting is MD5 in certificates used for authentication and code signing.

The first chink in MD5's armour appeared in 1996, when Hans Dobbertin found collisions in MD5's compression function. That was not critical on its own (the full hash, with its 128-bit output, still stood), but cryptographers began recommending alternative algorithms, and the replacements recommended at the time, SHA-1 chief among them, have since fallen out of favour themselves.

How big a security risk was the 1996 result? When something like this turns up, cryptanalysts start digging for ways to turn the weakness into a practical break. It took eight years and a huge increase in computing power: in 2004 Xiaoyun Wang and her colleagues demonstrated collisions for the full MD5. The IBM pSeries server they used reportedly had 24 POWER processors and 1 TB of RAM, and producing a colliding pair took less than an hour (today a laptop does it in seconds). Note exactly what was broken: a collision is two different inputs that hash to the same value. That is not the same as being handed an arbitrary MD5 hash and finding an input for it; that harder problem, a preimage, has never been solved in practice for MD5.

What is a collision? Basically, you take two files that differ in content, you run your favourite md5sum command on both, and, surprise, surprise, they have identical hashes. No big deal, really? Consider the horror Adobe's programmers felt when their entire user database, password values, hints and all, was leaked. The passwords were not stored in the clear, but savvy users soon found, by sorting the dump by the stored password value, that large groups of users shared the same value, and the hints within a group, often pointing in completely different directions, together gave the shared password away. (Adobe's records were in fact encrypted with 3DES in ECB mode rather than hashed with MD5, but the lesson is identical: without a per-user salt, the same password always produces the same stored value.) In MySQL you can store a field as MD5(password), and many authentication routines simply hash whatever you type into the password field and compare it with the value stored in the SQL table, which is exactly this mistake.


This is where the speed of MD5, rather than the 2004 collision method, becomes the problem. Recovering a password from an unsalted MD5 hash needs no cryptanalysis at all: MD5 was designed to be fast, so an attacker simply hashes candidate passwords from a wordlist (or every string up to some length), compares, and when one matches, you're in like Flynn. The hardware required is nothing like the 2004 setup; just about anything with a processor will do. A gaming GPU tries billions of candidates a second, and the FPGAs from your bitcoin-mining days can be reprogrammed to run MD5 blocks hundreds of millions of times a second. Unsalted storage makes it worse: one pass over the wordlist cracks every user at once, and precomputed tables (rainbow tables) mean the work may already have been done. Whatever comes out of the cracker will almost always be the original password; finding a different string with the same MD5 (a second preimage) remains impractical, so there is no comfort in the idea that the attacker "only" gets an equivalent. The collision attack bites elsewhere: with two documents that share a hash, an attacker can get one of them signed and present that signature as valid for the other, which is why MD5 is being thrown out of certificates and code signing.
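To make the password side of this concrete, here is an added example (my own, not code from the post, from Adobe or from Microsoft): a constructed five-user "leak" stored two ways, first as unsalted MD5 the way a naive MySQL/PHP login would do it, then as salted PBKDF2-HMAC-SHA256. The usernames, passwords, hints and the six-word wordlist are all made up for the demo. It shows the Adobe-style grouping by stored value, a one-pass dictionary attack on the unsalted table, and why neither trick works against the salted version.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed "leaked" user table for the demo: (username, password, hint).
# In a real dump the attacker sees only the stored value and the hint; the
# plaintext column exists here solely to build the sample records.
LEAKED_USERS = [
    ("alice", "hunter2", "my old irc password"),
    ("bob", "hunter2", "the classic meme"),
    ("carol", "letmein", "the obvious one"),
    ("dave", "Tr0ub4dor&3", "the comic one"),
    ("erin", "hunter2", "same as work"),
]

# Constructed wordlist standing in for a real one (rockyou and friends).
WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty", "dragon"]


def md5_hex(password: str) -> str:
    """Unsalted MD5, as MySQL's MD5() or a naive login script stores it."""
    return hashlib.md5(password.encode()).hexdigest()


def build_unsalted_table(users):
    """The table an MD5(password) application leaks: (name, hash, hint)."""
    return [(name, md5_hex(pw), hint) for name, pw, hint in users]


def group_by_hash(table):
    """Adobe-style analysis: equal stored values mean equal passwords, so
    every hint in a group is a clue to one shared password. Returns only
    the groups with more than one member."""
    groups = defaultdict(list)
    for name, digest, hint in table:
        groups[digest].append((name, hint))
    return {d: members for d, members in groups.items() if len(members) > 1}


def crack_unsalted(table, wordlist):
    """Dictionary attack: hash each candidate ONCE and look up every user.
    The dict is a tiny rainbow-table analogue; with no salt it is reusable
    against any other unsalted-MD5 dump."""
    lookup = {md5_hex(w): w for w in wordlist}
    return {name: lookup[digest] for name, digest, _ in table if digest in lookup}


# --- the hardened alternative: per-user salt plus a slow KDF -----------------

ITERATIONS = 100_000  # modest so the demo runs quickly; tune upward in production


def pbkdf2_record(password: str, salt=None):
    """Store (salt, iterations, derived_key); the salt is random per user."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, dk


def verify_pbkdf2(password: str, record) -> bool:
    """Re-derive with the stored salt; constant-time compare avoids a timing leak."""
    salt, iterations, dk = record
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(cand, dk)


def build_salted_table(users):
    return [(name, pbkdf2_record(pw), hint) for name, pw, hint in users]


def group_salted(table):
    """Same grouping as above, now on the derived keys: with random salts,
    users sharing a password no longer share a stored value."""
    groups = defaultdict(list)
    for name, (_salt, _it, dk), _hint in table:
        groups[dk].append(name)
    return {dk: m for dk, m in groups.items() if len(m) > 1}


def crack_salted(table, wordlist):
    """Same wordlist, but each candidate must be re-derived per user, and
    each derivation costs ITERATIONS HMAC calls instead of one MD5 block."""
    found = {}
    for name, record, _ in table:
        for w in wordlist:
            if verify_pbkdf2(w, record):
                found[name] = w
                break
    return found


if __name__ == "__main__":
    plain = build_unsalted_table(LEAKED_USERS)
    for digest, members in group_by_hash(plain).items():
        print(digest, "shared by", [n for n, _ in members], [h for _, h in members])
    print("unsalted cracked:", crack_unsalted(plain, WORDLIST))
    salted = build_salted_table(LEAKED_USERS)
    print("salted groups:", group_salted(salted))
    print("salted cracked (per-user, slow):", crack_salted(salted, WORDLIST))
```

Run it and compare the two crack results: same wordlist, same passwords recovered, but the salted run needed a fresh derivation per user per candidate (each one 100,000 HMAC calls) where the unsalted run needed six MD5 calls for the whole table and a dictionary lookup per row. Scale that to a dump of millions of rows and a GPU doing billions of MD5 operations a second and the storage choice is the whole story. Neither half of the example touches the 2004 collision attack; fast-hash brute force is the threat to stored passwords.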

Read about the update in more detail on Microsoft’s website: Technet
Read about the MD5 function, its history, and the vulnerability: Wikipedia
Check if your personal data was leaked: ZDNet
