by problemdomain 5014 days ago
You're fundamentally misunderstanding the problem domain.

At the highest level, you're missing the issue of specialization and parallelization.

This misunderstanding is partly alluded to by your surprise at the power of GPUs to hash passwords. GPUs can have hundreds or even thousands of what you might think of as "cores", but they're very specialized cores that are only suited to certain kinds of operations. Those operations were originally intended for the problem domain of high-performance graphics, but as it happens, many of those same operations mesh very well with cryptographic hashes. In essence, we've all got specialized massively-parallel password-cracking supercomputers sitting on our desks.

Take this up a level, and you might see the most obvious implication: More $500 graphics cards, more passwords cracked in a given timeframe. Very naïvely speaking, 7,000 $500 graphics cards, $3.5 million. You've just gained the ability to hash every one of those 12-character strings in one year for the cost of a funding round. Oops.

Relatedly, you're talking about cracking a password. That's wrong. Nobody cares about cracking your password, or my password. They're going after passwords, in a massively plural sense.

Start with 100,000 md5 password hashes. Assume the passwords are all 12 characters (they're not) and they're randomly generated (again, not). You don't conduct a brute-force search for every hash, you conduct a brute force search for 100,000 hashes. 7,000 years divided by 100,000 hashes is 25.55 days. With a $500 graphics card, the crackers can brute-force a password every month.

Now, once you realize that the entropy in the average password is not even within an order of magnitude of 60^12, you might begin to see the problem. You'd be lucky to find a password that's 36^8.

That purported 7,000 years is starting to look a lot smaller, isn't it?

This is why we have things like bcrypt and PBKDF2.


>"7,000 years divided by 100,000 hashes is 25.55 days." //

This only works if hash reversal costs the same as hash calculation. I think you've made an error.

Brute force in hash terms doesn't mean a "search" it means you take a string, hash it and see if the hash matches. That's the brute part, no grace.

The 7000 years figure is clearly vastly inflated compared to what's needed for passwords in the wild, but I'm merely countering the contention that 'md5 is as good as plaintext'.

I note that, despite it apparently only taking seconds to reverse my short string, no one has posted the plaintext yet. This doesn't look like it is as easy to read as plaintext.

I'm not at all claiming md5 is good security - just suggesting that the claim that md5 is equivalent to plaintext is hyperbole.

The easy way to show that I'm wrong is to post the plaintext of that hash.

> Brute force in hash terms doesn't mean a "search" it means you take a string, hash it and see if the hash matches.

A) That is a search, and B) I know this. You are still fundamentally misunderstanding the problem domain. We don't care about a hash. We care about 100,000 hashes. You don't need to brute force every single hash from scratch, you simply have to take a string, hash it, and see if that hash is present in the table of 100,000 hashes.

> I note that despite it apparently only taking seconds to reverse

No one claimed that, you inferred it based on a fundamental misunderstanding of the problem domain.
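The point made in this reply, and the 100,000-hash arithmetic in the opening comment, can be seen directly in code. The following is an added example, not code from anyone in the thread: it builds a small constructed "leak" of unsalted MD5 hashes, runs one candidate list against all of them with a single MD5 per candidate, and then repeats the attack against the same passwords stored with a per-user salt and PBKDF2. The password list, candidate list, iteration count and all function names are assumptions chosen for illustration.

```python
"""Cracking many unsalted MD5 hashes at once versus per-user salted PBKDF2.

Added example for the thread above; all inputs are constructed.
"""
import hashlib
import os
from typing import Dict, Iterable, List, Set, Tuple

# Constructed "leak": plaintexts a site's users might have chosen. In a real
# breach the attacker sees only the hash column; the plaintexts are kept here
# so both storage formats can be built from the same data.
LEAKED_PLAINTEXTS = [
    "123456", "password", "letmein", "qwerty123",
    "Tr0ub4dor&3", "correcthorsebatterystaple",
]

# Constructed candidate list: a tiny stand-in for a wordlist or for the
# brute-force enumeration of all strings of a given length.
CANDIDATES = ["123456", "password", "letmein", "qwerty",
              "qwerty123", "iloveyou", "dragon"]

# Deliberately small so the example runs in well under a second; real
# deployments use far more iterations (or bcrypt/scrypt/Argon2).
PBKDF2_ITERATIONS = 1000


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def store_unsalted_md5(plaintexts: Iterable[str]) -> Set[str]:
    """What a site storing md5(password) with no salt ends up leaking."""
    return {md5_hex(p) for p in plaintexts}


def crack_unsalted(table: Set[str], candidates: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """One MD5 per candidate, however many hashes are in the table.

    The 'search' is a constant-time set lookup over the leaked hashes, so
    the cost of attacking 100,000 hashes is the same as attacking one.
    """
    found: Dict[str, str] = {}
    hash_calls = 0
    for cand in candidates:
        digest = md5_hex(cand)
        hash_calls += 1
        if digest in table:
            found[digest] = cand
    return found, hash_calls


def store_salted_pbkdf2(plaintexts: Iterable[str],
                        iterations: int = PBKDF2_ITERATIONS) -> List[Tuple[bytes, bytes]]:
    """Per-user random salt plus a slow KDF; records are (salt, derived_key)."""
    records = []
    for p in plaintexts:
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations)
        records.append((salt, dk))
    return records


def crack_salted(records: List[Tuple[bytes, bytes]], candidates: List[str],
                 iterations: int = PBKDF2_ITERATIONS) -> Tuple[Dict[str, str], int]:
    """Each candidate must be re-derived for every record.

    Work grows as records x candidates x iterations; a hit for one user
    tells you nothing about the others, even if they chose the same password.
    """
    found: Dict[str, str] = {}
    kdf_calls = 0
    for salt, dk in records:
        for cand in candidates:
            kdf_calls += 1
            if hashlib.pbkdf2_hmac("sha256", cand.encode(), salt, iterations) == dk:
                found[dk.hex()] = cand
                break  # this record is done; the rest still need their own work
    return found, kdf_calls


if __name__ == "__main__":
    md5_table = store_unsalted_md5(LEAKED_PLAINTEXTS)
    hits, calls = crack_unsalted(md5_table, CANDIDATES)
    print(f"unsalted md5: {len(hits)}/{len(md5_table)} cracked with {calls} hash calls")

    pbkdf2_records = store_salted_pbkdf2(LEAKED_PLAINTEXTS)
    hits, calls = crack_salted(pbkdf2_records, CANDIDATES)
    print(f"salted pbkdf2: {len(hits)}/{len(pbkdf2_records)} cracked with {calls} KDF calls")
```

With the constructed inputs the unsalted run recovers four of the six passwords after exactly seven MD5 computations, one per candidate, and the count would not change if the table held 100,000 hashes instead of six. The salted run recovers the same four but has to call the KDF once per record per candidate tried, and each of those calls is itself a thousand hash operations; that multiplicative cost, not any weakness in the MD5 function, is the gap the thread is arguing about.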

>A) That is a search //

Ha ha. Not really. You're not searching for the plaintext that produces a hash. You're producing hashes irrespective of the result and then matching. IMO the term search would only truly apply if you were reversing the hash mathematically - you'd start with the hash and perform a non-complex operation to find the plaintext.

Instead one searches across hashes after compiling a correspondence table, not across plaintexts. I suppose it's a subtle distinction; largely irrelevant to my contention.

>you inferred it based on a fundamental misunderstanding of the problem domain //

I did not infer it. It was implied. For example,

emidln: "md5 passwords lists are plaintext for modern hardware"

So yes, I suppose adding on a few seconds for plaintext recovery was unfair of me, based on a comment like this I should have said "I note that despite just having to read it back almost as quickly as plaintext ...".

WRT the problem domain. You're discussing an entirely different issue to that which I raised. The start point is simply this:

>"MD5 is an utterly terrible password hash. It's just about as bad as plaintext." //

That is the pertinent problem domain for my comment. I even went to efforts to emphasise that, beyond that atomic claim, I was recognising the paucity of md5 for real world password hashing - I don't think one can have used Rainbow tables and not realised that point. Are you really still contending that md5 is almost equivalent to plaintext in terms of string discovery and that there is no exaggeration in that?

If the IEEE logs were released with md5 hashed passcodes then, other than trivial recognisable cases like 2867-whatever-it-is, one at least has to do work to recover the plaintext.

Aside: I'm intrigued why you created a separate account just to press this position.

The question of password hashing does not concern a password, it concerns passwords. This is a textbook case of being unable to see the forest for the trees. I'm actually astounded by how closely the idiom matches this case.

A simple MD5 hash is "about as bad as plaintext" because the vast majority of passwords will be trivially cracked if it's used, not because any one password will be cracked in a trivial timeframe.

masklinn was speaking against this background. You've created a whole other background that just isn't relevant to the real world issue of password hashing.

> Aside: I'm intrigued why you created a separate account just to press this position.

I created an account so I'd have one to respond to your comment with. The choice of name does not mean it's specific to this discussion, it was simply inspired by it. Again, you focus on an individual detail to the detriment of the big picture.

>Again, you focus on an individual detail to the detriment of the big picture. //

Ostensibly the difference here is that you're looking from the administrative side (it appears) and I'm looking from the user's side.

As for "again". Surely using your regular account makes for a bigger picture as I could see where you're coming from, your general demeanour, your desire to argue incessantly around the point whilst not broaching the point itself, that sort of thing. From your side the choice of name as specific may well be "the big picture" but from anyone else reading the discussion you've removed a lot of out-of-band information that could be pertinent. Which to be honest makes me chuckle as you accuse me, probably rightly in this instance, of narrow focus.

>A simple MD5 hash is "about as bad as plaintext" because the vast majority of passwords will be trivially cracked if it's used //

With plaintext all passwords will be "cracked" in zero time. With MD5 good passwords will be expensive to crack. ROT-13 is about as bad as plaintext. MD5 IMO is better to a point that this claim was exaggeration.

So we'll go straight to the rub - you disagree that there was any exaggeration in that initial statement?

> I'm looking from the user's side

From the user's side, proper password storage practices mean your passwords are far less likely to be compromised.

> Surely using your regular account

Uh, and what "regular account" would that be? You assume much, but know little.

> you disagree that there was any exaggeration in that initial statement?

Yes.