MD5crypt Password Scrambler Is No Longer Considered Safe
本帖最后由 ulovko 于 2012-07-09 22:19 编辑As reported here recently, millions of LinkedIn password hashes have been leaked online. An anonymous reader writes
"Now, Poul-Henning Kamp a developer known for work on various projects and the author of the md5crypt password scrambler asks everybody to migrate to a stronger password scrambler without undue delay. From the blog post: 'New research has shown that it can be run at a rate close to 1 million checks per second on COTS GPU hardware, which means that it is as prone to brute-force attacks as the DES based UNIX crypt was back in 1995: Any 8 character password can be found in a couple of days. The default algorithm for storing password hashes in /etc/shadow is MD5. RHEL / CentOS / FreeBSD user can migrate to SHA-512 hashing algorithms.'"
Reader Curseyoukhan was one of several to also point out that dating site eHarmony got the same treatment as LinkedIn. Update: 06/07 20:13 GMT by T : An anonymous reader adds a snippet from Help Net Security, too: "Last.fm has piped up to warn about a leak of their own users' passwords. Users who have logged in to the site were greeted today by a warning asking them to change their password while the site investigates a security problem. Following the offered link to learn more, they landed on another page with another warning."
FROM: http://tech.slashdot.org/story/12/06/07/1529252/md5crypt-password-scrambler-is-no-longer-considered-safe?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
楼主,你的头像大图版哪儿有啊?
回复 2# sleepcat
马上传给你
哇哈哈,太棒了!
谢谢!
回复 4# sleepcat
怎么样 你也想用她嘛 好吧我破例一次 允许你用于头像 ^_^ {:3_186:} ulovko 发表于 2012-07-09 22:27 static/image/common/back.gif
回复 4# sleepcat
不,收藏。
好像现在都是用更复杂的加密算法吧。 AES-2048才是王道 @macafee 是的呵 :emn31:
页:
[1]