Password protecting a data file... how to cope with forgotten password?

Dave Cragg dave.cragg at lacscentre.co.uk
Thu Jun 14 03:29:39 EDT 2012


On 13 Jun 2012, at 14:47, Richard Gaskin wrote:

> MD5 has been known to be theoretically crackable for some years, and this has become a reality as noted in recent news:
> 
>   MD5 password scrambler 'no longer safe'
> 
>   Summary: The MD5 password hash algorithm is “no longer considered
>   safe” by the original software developer, a day after the leak of
>   more than 6.4 million hashed LinkedIn passwords.

I've read about this, but I'm still unclear about exactly what the problem is. I understand that MD5 was "cracked" some years ago making it unsuitable for use as a checksum. (Given the original data to which MD5 is applied, it is possible to produce another set of data that will produce the same MD5 checksum.) But this didn't affect MD5's usefulness as a hashing method for passwords. From what I've read, the recent problem is not that MD5 has been cracked, but that it is too fast and therefore allows brute force attacks on lists of hashed passwords, even those that have been salted. My first thought was that applying MD5 twice or more times would perhaps increase its security, but nowhere do I see this suggested as a solution. If anyone can add any information or point out my probable misunderstanding, I'd be very grateful.

Cheers
Dave 
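
An added example, not part of the original message: a Python sketch of the speed point raised above, comparing the cost of one guess against a single salted MD5 with PBKDF2-HMAC-SHA256, which repeats a keyed hash a configurable number of times. The iteration count, function names and sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def fast_hash(password: str, salt: bytes) -> bytes:
    """Single salted MD5: the fast scheme the message discusses."""
    return hashlib.md5(salt + password.encode("utf-8")).digest()


def slow_hash(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: a keyed hash repeated `iterations` times."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> dict:
    """Build what gets stored: random salt, iteration count, derived key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": ITERATIONS,
            "key": slow_hash(password, salt, ITERATIONS)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    candidate = slow_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["key"])


def seconds_per_guess(hash_fn, rounds: int) -> float:
    """Average wall-clock cost of one password guess with hash_fn."""
    salt = b"constructed-salt"  # fixed, constructed value for timing only
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn("guess%d" % i, salt)
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times more expensive one guess is under the slow scheme."""
    return seconds_per_guess(slow_hash, 3) / seconds_per_guess(fast_hash, 20_000)


if __name__ == "__main__":
    record = make_record("constructed example passphrase")
    print("correct password verifies:", verify("constructed example passphrase", record))
    print("one guess costs about %.0fx more than salted MD5" % cost_ratio())
```

Storing the iteration count alongside the salt lets the work factor be raised later without invalidating existing records.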


