[wp-hackers] Password Handling Improvements - Trac Ticket #2870

[Sam Angove]

On 9/26/07, DD32 <wordpress at dd32.id.au> wrote:
>
> But whats the hashing speed of MD5 these days? Anything from 50 to 500 hash's a second on todays average hardware can be expected it seems,

Try 500 *thousand*, and that's lowballing it. Also, bear in mind that
brute-forcing hashes is embarrassingly parallel[1], so it can take
full advantage of your multicore machines, clusters, botnets,
whatever. MD5 is fast, and getting faster.

[1]: http://en.wikipedia.org/wiki/Embarrassingly_parallel

> The article says that the aim of the game is to make the salt long enough that the string
> is too long to be brute forced, but hold up there, If they're stored together, then you've
> allready got the first 128 characters of the hashed string(the salt), therefor the brute force
> attack is now going to take the same time regardless if the password is stored with a salt
> or not.

You're completely right. The time spent reading Atwood's article would
have been better spent reading the one by Thomas Ptacek[2] that he
selectively quoted from.

[2]: http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

The aim of the salt isn't to make *individual* passwords harder to
brute-force; it's to make it take a hundred times longer to crack a
hundred passwords than it does to crack just one. That's all.

The strength of the system lies in making it impractical to
brute-force even one, let alone a hundred. MD5 doesn't give you that.