How the Outdated MD5 Can Put Your Passwords at Risk
5F4DCC3B5AA765D61D8327DEB882CF99 – for the vast majority of you, this probably looks like a random string of letters and digits. For cybercriminals going after people's personal data, however, this particular mess of alphanumeric symbols could be a very good sign.
5F4DCC3B5AA765D61D8327DEB882CF99 is the MD5 hash of the word "password", and today, we'll explain just how bad the consequences could be if this particular string turns up in a leaked user database. First, however, let's make sure we're familiar with the basic concepts.
Hashing is a cryptographic function which, as our first paragraph shows, turns a password into a fixed-length string of seemingly random characters (the hash, or digest). It resembles encryption in that the original is hidden, but there is no key, and the function is designed to be one-way: you can hash a password to get its digest, but you cannot compute the password from the digest. That is what lets a website check a login without keeping the password itself: it hashes whatever the user typed and compares the result with the digest it stored. Theoretically speaking, this makes hashing the best method for storing passwords. Unfortunately, the reality is a bit more complicated. Hashing is deterministic, so an attacker who obtains the stored digests can hash guesses of their own and look for matches, and the choice of hash function decides how cheap each of those guesses is.
The importance of choosing the right hashing function
There are many different hashing functions (also known as algorithms), and applying them to the same password produces a completely different result from each one. As you can probably guess, some algorithms are more secure than others. MD5, the function we mentioned above, is arguably the worst of the ones still in common use.
MD5 was published back in 1992, but within four years, people started having doubts about its security. At first, the attacks were not really practical, and regular users who had their login data hashed with MD5 weren't in any immediate danger. Research continued, and computer hardware became more powerful, though: full collisions were demonstrated in 2004, and in 2008, a group of cryptography experts used an MD5 collision to create a rogue certificate-authority certificate that browsers would have trusted, using the computational power of a cluster of about 200 PlayStation 3 gaming consoles. Back then, Bruce Schneier, one of the most recognizable names in the security industry, said that "no one should be using MD5 anymore". Nowadays, these words ring truer than ever. One caveat is worth making: a collision attack lets an attacker produce two inputs with the same hash, which is fatal for signatures but does not by itself let anyone reverse a password hash. What makes MD5 a poor choice for passwords is a different property: it was designed to be fast, and a single modern GPU can compute billions of MD5 hashes per second, so every guess at a password is nearly free.
Researchers discover that MD5 is still used extensively
It's been more than a decade since the cryptographic community demonstrated just how inadequate MD5's security is, and you'd think that in that time, people would have realized that using it is a bad idea. Unfortunately, while browsers and certificate authorities stopped accepting MD5-signed SSL certificates years ago, databases leaked during recent hacking incidents do suggest that some online service providers continue to use the ancient hash function to store passwords.
Finding out how many of them do it is impossible, though. Usually, you have no idea how your password is stored, and although you can always ask every individual website operator about it, you won't get a response from all of them. And even if you do, conducting a survey on a scale that could provide any sort of meaningful data is just not practical.
Researchers from the University of Piraeus in Greece were still curious, however, and they put together an experiment that might just give us some data on how websites store our passwords.
The majority of today's websites are built on open-source Content Management Systems (CMSs) – software that lets you control an entire online platform through a relatively easy-to-use backend administration panel. Even some of the more customized online services are usually based on web application frameworks – prewritten computer code that acts as the foundation for the rest of the website.
To spare website owners the trouble of choosing and implementing password hashing mechanisms, virtually all CMSs and some of the application frameworks come with their own. The Greek researchers wanted to find out how well designed they were. The results were not exactly encouraging.
The researchers experimented on 49 popular content management systems and 47 web application frameworks, and they focused on three main factors: the hashing algorithm itself; whether or not the hashing mechanism employs multiple iterations (running the function many times over so that each guess costs the attacker proportionally more); and whether or not passwords are salted before they get hashed (mixing in a random per-user value, so that two users with the same password get different hashes and a table of precomputed hashes is useless).
By default, 13 of the tested CMSs still rely on MD5 for the hashing of users' passwords, and a further 6 make use of SHA-1, another function that has long been declared obsolete. Somewhat surprisingly, WordPress, the CMS that is reportedly powering about a third of all the websites in the world, is among the ones relying on MD5.
There's more disturbing data. WordPress might use MD5, but at least it salts the passwords before hashing them, and its default "portable" phpass scheme applies the hash function 8,192 times per password, both of which make the password crackers' job much harder. 18 of the tested content management systems employ no iterations, and 7 don't salt users' passwords.
Things are not radically different when it comes to web application frameworks. Only 1 of the tested frameworks uses MD5, but 10 in total rely on weak hashing functions, and 6 use no iterations. Two of the frameworks don't salt users' passwords.
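The three factors the study measured are easiest to understand by running them. The example below is added here for illustration and is not code from the paper, from WordPress or from any CMS: it stores a few constructed accounts with unsalted single-round MD5 and cracks them all with one table; then stores them with salted, iterated MD5 in the shape of WordPress's phpass loop (the real phpass packs the same data into a "$P$" string; the plain "rounds$salt$digest" encoding here is an assumption of this example) and counts how many hash calls the same attack now costs; and finally shows a purpose-built password hash from the Python standard library, PBKDF2-HMAC-SHA256, standing in for the bcrypt the article recommends only because it needs no third-party package.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample wordlist for the demonstration; not real leaked data.
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "dragon"]


def md5_plain(password: str) -> str:
    """Unsalted, single-round MD5: the weakest of the defaults the study found."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_unsalted(stored: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Without a salt, identical passwords give identical hashes, so one table
    (built once, reusable against every dump) cracks all accounts at once.
    Returns (cracked accounts, number of hash computations performed)."""
    table = {md5_plain(word): word for word in wordlist}
    cracked = {user: table[h] for user, h in stored.items() if h in table}
    return cracked, len(wordlist)


def phpass_like_hash(password: str, salt: Optional[bytes] = None, rounds: int = 8192) -> str:
    """Salted, iterated MD5 modelled on the phpass portable hash WordPress uses by
    default: md5(salt + pw), then md5(digest + pw) repeated 2**13 = 8192 times.
    The 'rounds$salt$digest' hex encoding is an assumption of this example."""
    salt = os.urandom(8) if salt is None else salt
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(rounds):
        digest = hashlib.md5(digest + pw).digest()
    return f"{rounds}${salt.hex()}${digest.hex()}"


def phpass_like_verify(password: str, stored: str) -> bool:
    rounds, salt_hex, _ = stored.split("$")
    candidate = phpass_like_hash(password, bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def crack_salted(stored: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """With per-user salts there is no shared table: every guess is re-hashed for
    every account, and every attempt costs rounds + 1 MD5 calls."""
    cracked: Dict[str, str] = {}
    hash_calls = 0
    for user, h in stored.items():
        rounds = int(h.split("$", 1)[0])
        for word in wordlist:
            hash_calls += rounds + 1
            if phpass_like_verify(word, h):
                cracked[user] = word
                break
    return cracked, hash_calls


def pbkdf2_hash(password: str, salt: Optional[bytes] = None, rounds: int = 100_000) -> str:
    """Purpose-built password hash from the standard library. PBKDF2-HMAC-SHA256
    stands in for bcrypt here only because it needs no extra package; this is
    example code, not any CMS's default."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    _, rounds, salt_hex, _ = stored.split("$")
    candidate = pbkdf2_hash(password, bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed accounts: two users share a password, one has a strong one.
    users = {"alice": "password", "bob": "password", "carol": "correct horse"}
    plain = {u: md5_plain(p) for u, p in users.items()}
    print("unsalted MD5:", crack_unsalted(plain, WORDLIST))
    salted = {u: phpass_like_hash(p) for u, p in users.items()}
    print("salted, 8192 rounds:", crack_salted(salted, WORDLIST))
    print("pbkdf2 record:", pbkdf2_hash("password"))
```

Run stand-alone it cracks alice and bob in both schemes, because "password" is in the wordlist either way; what changes is the price. The unsalted run costs five MD5 calls for the whole dump, the salted and iterated run costs tens of thousands, and a properly tuned bcrypt or PBKDF2 cost pushes each guess to milliseconds, which is the only thing that protects an account whose password sits in a cracker's wordlist.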
The silver lining
It is rather easy to sensationalize the undoubtedly disappointing figures and to say that all the websites using WordPress, for example, are storing passwords insecurely. That would be wrong, though.
The target of the experts' research was the CMS' default hashing mechanism. Every developer can change it for a different one that relies on a more robust function. What's more, salting and a large number of iterations still go a long way even when the underlying algorithm is weak: the salt rules out precomputed tables and forces the attacker to crack each account separately, and the iterations multiply the cost of every guess. They are not a full substitute for a purpose-built password hash, though. A few thousand rounds of MD5 is still cheap work for a GPU, so accounts with weak or reused passwords remain crackable.
The research does show that the hashing mechanisms of many CMSs aren't as strong as they should be, and the communities that support and develop them should probably think about doing what 20 of the tested systems already do – employ bcrypt as the default algorithm for protecting people's passwords.
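When a database does leak, the stored strings usually reveal which of the schemes discussed above the site was using, which is exactly the check a responder or auditor wants to run first. The classifier below is an added example, not the paper's tooling or any CMS's code. It recognises raw hex digests (MD5, SHA-1, SHA-256 by length), phpass "$P$"/"$H$" strings (reading the round count from the character after the prefix, as phpass encodes it), bcrypt, sha256crypt/sha512crypt and Argon2, and tallies them over "username:hash" lines. The sample dump is constructed: the first two entries are real digests of the word "password", the remaining strings are made-up values of the right shape.

```python
import re
from collections import Counter
from typing import Dict, List

# phpass encodes log2(rounds) as one character of this alphabet after "$P$".
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Raw hex digest by length. A 32-hex value is MD5-sized (NTLM and others share the
# size), and "unsalted" assumes the app keeps no salt in a separate column.
RAW_DIGESTS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
PHPASS = re.compile(r"^\$[PH]\$([./0-9A-Za-z])[./0-9A-Za-z]{8}[./0-9A-Za-z]{22}$")
BCRYPT = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
SHACRYPT = re.compile(r"^\$([56])\$(?:rounds=(\d+)\$)?[^$]{1,16}\$[./A-Za-z0-9]+$")
ARGON2 = re.compile(r"^\$argon2(?:id|i|d)\$")

# Constructed sample of a leaked "username:hash" export.
SAMPLE_DUMP = [
    "alice:5f4dcc3b5aa765d61d8327deb882cf99",                              # MD5("password")
    "bob:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",                        # SHA-1("password")
    "carol:$P$B12345678abcdefghijklmnopqrstuv",                            # made-up phpass shape
    "dave:$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZabcde",   # made-up bcrypt shape
    "erin:$6$rounds=100000$saltsalt$AbCdEfGh",                             # made-up sha512crypt shape
]


def classify(stored: str) -> Dict[str, object]:
    """Infer the storage scheme from the stored string alone: algorithm, whether
    a salt is embedded, the work factor in rounds where it can be read off, and
    a verdict on the three factors the study measured."""
    if re.fullmatch(r"[0-9a-fA-F]+", stored) and len(stored) in RAW_DIGESTS:
        return {"scheme": RAW_DIGESTS[len(stored)], "salted": False, "rounds": 1,
                "verdict": "raw fast hash: one precomputed table cracks every account"}
    m = PHPASS.match(stored)
    if m:
        return {"scheme": "phpass (MD5)", "salted": True, "rounds": 2 ** ITOA64.index(m.group(1)),
                "verdict": "salted and iterated, but still MD5 and cheap on a GPU"}
    m = BCRYPT.match(stored)
    if m:
        return {"scheme": "bcrypt", "salted": True, "rounds": 2 ** int(m.group(1)),
                "verdict": "purpose-built password hash; check the cost factor is not too low"}
    m = SHACRYPT.match(stored)
    if m:
        return {"scheme": "sha512crypt" if m.group(1) == "6" else "sha256crypt", "salted": True,
                "rounds": int(m.group(2)) if m.group(2) else 5000,  # crypt(3) default
                "verdict": "salted and iterated; acceptable but not memory-hard"}
    if ARGON2.match(stored):
        return {"scheme": "argon2", "salted": True, "rounds": None,
                "verdict": "modern memory-hard password hash"}
    return {"scheme": "unknown", "salted": None, "rounds": None, "verdict": "unrecognised format"}


def audit(dump_lines: List[str]) -> Dict[str, int]:
    """Count schemes across 'username:hash' lines; blank or malformed lines are skipped."""
    counts: Counter = Counter()
    for line in dump_lines:
        if ":" not in line or not line.strip():
            continue
        _, stored = line.rstrip("\n").split(":", 1)
        counts[classify(stored)["scheme"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_DUMP:
        user, stored = line.split(":", 1)
        print(user, classify(stored))
    print(audit(SAMPLE_DUMP))
```

The phpass round count is the detail worth knowing for WordPress dumps: a "$P$B" prefix means 2 to the power of 13, the 8,192 rounds quoted above, while older installs or other phpass users may show a lower letter and far fewer rounds.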
The less-than-perfect storage practices can never be an excuse if your easy-to-guess and extensively reused password falls into the wrong hands, though. So, the priorities for the regular user should be different.