69
60% of MD5 password hashes are crackable in under an hour
(www.theregister.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 10 May 2026
69 points (91.6% liked)
Privacy
5659 readers
495 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 2 years ago
MODERATORS
MD5 is a hashing algorithm (for simplicity, let's wrongly say hashing it's something akin to encrypting) that is very fast to compute. That is bad for password storage, since it means you are vulnerable to a brute force attack; you want the algorithm for password storage to be slow enough to make that attack unfeasible.
Aditionally, there's also attacks like dictionary attacks, where you can use precomputed hashes of commonly used passwords (that's a reason you shouldn't re-use passwords accross websites: if one of them falls, the rest are vulnerable to dictionary attacks). To prevent these, you use salted algorithms, of which MD5 is not, at least out of the box.
That's true.
But it is even more important to not use the same username across websites and to not use usernames that have anything to do with you as a real person.
Someone knowing all of your usernames and only one of your passwords is worse than someone knowing all of your passwords and only one of your usernames.