this post was submitted on 08 May 2026
[–] DocMcStuffin@lemmy.world 13 points 1 day ago (1 children)

Wow this article is kinda shit. MD5 was on the chopping block for password hashing over 20 years ago. It's so seriously broken that if someone is using it they deserve to get bludgeoned to death with a Model M keyboard. We have purpose-built solutions just for password hashing.

The only thing the ~~fine~~ bad article sorta got right was two factor. I say kinda because biometrics (something you are) aren't that great of a second factor. Mainly because you can't change them. Also, it's a fuzzy match rather than a hard match. It can be acceptable to use locally and where all the information stays local AND there is sufficient hardware-based security where said biometrics aren't going to get off the device.

Finally, there was no mention of any kind of physical token-based factor (something you have), which pairs well with a password, passphrase, or any other "something you know" factor.

[–] Agent641@lemmy.world 3 points 1 day ago (1 children)

I still use MD5 hashing in the apps I work on.

Just not for passwords.

[–] brotundspiele@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago)

If you need hashing for non-security applications, that's fine, but I'd still suggest SHA-1 or -256 or even just CRC instead, as that's something modern (as in less than 15 years old) CPUs can usually do directly in hardware.