That’s Why You Protect /etc/passwd

By on July 3, 2004

Think MD5 is good enough to keep all of your passwords secure? There’s a reason that modern UNIX systems recommend you use shadow passwords, and this is it:

This project is dedicated to crack md5 hashes online through web interface. At the moment we can crack md5 hashes in this character range: a-z;0-9 [8] which means we can break almost all hashes (99.56%) which are created from lowercase plaintext with letters and/or digits up to length of 8 characters.

Apparently the site is cracking around 150 hashes a day. This really changed my attitude towards MD5. I’ll double or triple-crypt MD5 hashes from now on, or maybe switch to Blowfish.

Via SlashDot.