leaking unsalted md5 passwords == leaking passwords

Buge · on Dec 15, 2016

Not if it's my password. I use ~100 bits of entropy.

throwaway729 · on Dec 17, 2016

Hence "Strong passwords that need to be memorized" in OP's comment. Or else your memory is way better than mine (or I care way less, or probably both).

Buge · on Dec 17, 2016

Whether they need to be memorized or not does not make the statement "it will be leaked eventually anyway" more true.

I use a password database so I don't memorize most of my passwords.

throwaway729 · on Dec 18, 2016

Well, it does, because memory puts some limitations on length and complexity...

Buge · on Dec 19, 2016

It is possible to memorize a 100 bit password. I once had a 1000 word poem memorized, and could write it down flawlessly from memory.

I agree that it's not worth memorizing, you should instead use a password database. But I still maintain my original point that there's no reason to assume that your password will be leaked eventually if you use a strong password.

supergreg · on Dec 15, 2016

Could the attacker find an easier to find string that matches the same md5 hash?

Dylan16807 · on Dec 15, 2016

The current best attack wrt matching an existing hash brings MD5's 128 bits of security down to 123. So no, that's not going to happen.

Dylan16807 · on Dec 15, 2016

MD5 is terrible for human passwords because it's fast. But md5 is not actually broken for password storage purposes. If you use a long random password, md5 is enough.

raverbashing · on Dec 15, 2016

Yes, if you add a (long - at least 32 bit) salt and something like at least 10^9 rounds of MD5 then, yeah, it's probably ok

Dylan16807 · on Dec 15, 2016

No. I mean single unsalted MD5. You will not crack a 20-random-char password. You cannot process 2^120 guesses, and MD5 is not broken for this use.