by philh
6251 days ago
Being able to get access to plaintext passwords is obviously a terrible security flaw. But would it be much less bad if an attacker got access to a lot of hashed passwords? A dictionary attack will get you many of the plaintexts in a reasonable timespan. Possibly users with dictionary words as passwords are also more likely to share them across sites; certainly the intersection is nonempty. People with strong passwords might remain safe, but not necessarily. A bruteforce is much more worthwhile when you're trying to crack thousands of passwords at a time. If there's no salting and the hash algorithm is widely used, you may not even need to worry about getting exactly the original rather than something which happens to collide with it. Obviously hashing is still better than no hashing, especially since there will be cases where only a few passwords are leaked. But if a database containing passwords is stolen, it may be reasonable to assume all those passwords are compromised, even if they were hashed. |
I would thus argue that a secure hashing schema is significantly better. This is assuming the programmer uses bcrypt in the first place, which is a questionable assumption: even popular projects like phpBB use MD5 for password hashing. (The fools.)
If MD5 is used then I would wholeheartedly agree with you: I've used http://milw0rm.com's MD5 hash breaking service plenty of times to know why I shouldn't use that algorithm in my own code. (One of my old passwords is in the database, but I'm not telling you which one.)
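To make the cost argument in this thread concrete, here is an added example (not written by either commenter) contrasting the unsalted MD5 scheme criticised above with a per-user salted, iterated hash; PBKDF2 from Python's standard library stands in for bcrypt because it plays the same role. Without a salt, one pass over the wordlist matches every user at once, so the per-password cost falls as the leaked table grows; with per-user salts the wordlist has to be rehashed for each user, and each of those hashes costs thousands of iterations instead of one. The user names, passwords and wordlist are constructed.

```python
import hashlib
import os

# Constructed sample data: four users, two of whom share a weak password.
USERS = {
    "alice": "password",
    "bob": "letmein",
    "carol": "password",
    "dave": "T0tally!Rand0m#k3y",
}
# Constructed mini wordlist standing in for a real dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty"]
ITERATIONS = 10_000  # work factor; bcrypt's cost parameter serves the same purpose


def md5_unsalted(password):
    """The phpBB-style scheme from the thread: one fast, unsalted hash per password."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password, salt):
    """Per-user random salt plus an iterated KDF (PBKDF2 as a stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def store_unsalted(users):
    """Leaked table as phpBB would store it: identical passwords give identical digests."""
    return {user: md5_unsalted(pw) for user, pw in users.items()}


def store_salted(users):
    """Leaked table with a fresh 16-byte salt per user stored beside the digest."""
    table = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        table[user] = (salt, salted_hash(pw, salt))
    return table


def dictionary_cost_unsalted(table, wordlist):
    """One hash per word recovers every user with that word, however many users leaked."""
    lookup = {md5_unsalted(w): w for w in wordlist}  # len(wordlist) MD5 computations total
    recovered = {u: lookup[h] for u, h in table.items() if h in lookup}
    return recovered, len(wordlist)


def dictionary_cost_salted(table, wordlist):
    """The salt defeats precomputation: the whole wordlist is rehashed for every user."""
    recovered, hashes = {}, 0
    for user, (salt, digest) in table.items():
        for w in wordlist:
            hashes += 1  # each of these is ITERATIONS HMAC rounds, not one MD5
            if salted_hash(w, salt) == digest:
                recovered[user] = w
    return recovered, hashes
```

Both tables give up the three dictionary passwords, but the unsalted run costs four MD5 calls for the whole table while the salted run costs sixteen PBKDF2 calls, each ten thousand times slower, and the gap widens linearly with the number of leaked users.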