
How Secure Is Your Password?

By admin, January 18, 2010 10:07

When it comes to passwords, nearly everyone has their own system for dealing with them.  But how secure are they?  Today most passwords under 9 characters are not really deemed secure, thanks in large part to the databases that are available to simply look up the passwords.  “But aren’t they encrypted or secured from prying eyes?” you may be thinking.  Sure, but the most common form is to save them as MD5 hashes.  SHA1 and similar variants are uncommon, as are better methods; for the vast array of online web sites, MD5 is considered standard.

How easy is it to break or crack an MD5 password? Well, that depends on the site.  If it implements decent authentication mechanisms or common protocols such as SSL, then it’s a bit more difficult.  However, many web sites are not secure and do not implement SSL; they simply use MD5 hashing to store the password in a database or even a cookie.  If someone can grab this MD5 hash, which may not be all that hard to do, then they can look it up in online databases such as “Rainbow Tables” or similar.  Additionally, it’s more common to find online MD5 crackers, as I recently found a great article on Carnal Ownage regarding this matter: http://carnal0wnage.attackresearch.com/node/402

Not all of these are equal, or perhaps even worth using, but for the general public it’s important to understand a few basic considerations.

  1. Web sites that utilize MD5 hashes cannot be deemed secure
  2. MD5 hashes of your password can be retrieved and processed by unknown parties
  3. Many MD5 hashes of simple passwords are already known and require virtually no time to determine
  4. Passwords should be different on all the web sites you visit, never use the same password twice
  5. If it’s an important web site or you share personal information, ensure they use better password protection methods than this
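An added example (not from the original post) of why the points above hold: a bare MD5 digest is the same for every user and every site, so one precomputed table serves against all of them, while a per-user random salt with a slow key-derivation function defeats that table. The function names, the sample passwords and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def md5_record(password: str) -> str:
    """Weak scheme described in the post: bare, unsalted MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def kdf_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def kdf_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = kdf_record(password, salt)
    return hmac.compare_digest(digest, expected)


def precomputed_table(candidates):
    """Digest -> password map: built once, reusable against any unsalted MD5 store."""
    return {md5_record(p): p for p in candidates}


if __name__ == "__main__":
    # Constructed sample data: two users on different sites with the same password.
    alice, bob = md5_record("letmein1"), md5_record("letmein1")
    print("unsalted MD5 identical across users:", alice == bob)

    table = precomputed_table(["password", "letmein1", "qwerty12"])
    print("found by table lookup:", table.get(alice))

    salt_a, rec_a = kdf_record("letmein1")
    salt_b, rec_b = kdf_record("letmein1")
    print("salted records identical:", rec_a == rec_b)
    print("salted record present in table:", rec_a.hex() in table)
    print("correct password still verifies:", kdf_verify("letmein1", salt_a, rec_a))
```

A site storing the salted form must keep the salt next to the digest, since verification recomputes the digest from the submitted password and that salt.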

For a vast majority of sites it’s not a huge issue as there isn’t much to gain, but I believe you want to be aware of potential risks before you become a victim.  Or perhaps you like using the same password on many sites and access it from many different locations like home, work, cellphone, etc. and think this provides you with some security.

Every year these tasks get easier and easier to perform, and the likelihood of another passphrase being discovered increases, so remember these basic rules, even for passwords on not-so-important web sites:

  1. Make use of upper and lower case letters, numbers and all the symbols on your keyboard.
  2. Don’t use words or common dictionary phrases, stick to random sequences
  3. Use a decent password manager to store your passwords so you don’t have to use the same one everywhere
  4. Make a habit of changing your password every so often
  5. Decide if that site you just visited ‘really’ needs you to log in every time you visit.
  6. If a site offers SSL or better authentication than the standard userid and password, then make use of it
  7. Never share details that could be used on more critical sites such as banks, utility accounts, work related web sites.

Remember that passwords are only effective if they remain private.  Over time all passwords lose their effectiveness and need to be refreshed.

Have a story to tell about passwords or MD5 crackers?  Feel free to leave a comment or a link back to your story.

