Eh, sorry, but you cannot crack hashes. At best you can come up with a strong that generates the same hash, but finding the exact original value won’t happen, that’s not how hashes work, that is not how anything works.
Each hash output value in principle can have an infinity of different inouts that lead to that output. Because of that, hashes are a one way street
Having said that, are you telling me that a properly salted hash using a modern algorithm like argon2id, or just even plain sha256, can be “cracked” in 14 days? I’m going to go ahead and say “no”
In my comment, '“cracking” referred to finding a password that matches the hash. That’s common nomenclature. The found password doesn’t have to be the original password but it’s rather likely at the string lengths involved, especially since Kaspersky used a dictionary to back the attack.
Also, you wouldn’t use a hashing function where a large number of inputs of a usual password length turn into the same hash. That would just make all passwords weaker. The point of hashing a password is to store something that (ideally) uniquely matches the correct password but can’t be used to easily derive the password.
The factor of 1000 I gave was a very rough ballpark number. I couldn’t find any good comparison between the actual throughput of MD5 and bcrypt or Argon2. And yes, a single round of SHA256 would be cracked quickly; it’s much less work-intensive than Argon2 and even has dedicated hardware acceleration in modern CPUs. Argon2 with a high work factor is vastly more resistant than MD5 and SHA256.
Also, salting doesn’t protect against brute force and enhanced dictionary attacks. The salt is stored with the password so the attacker knows it. It only protects against rainbow tables. Pepper protects against offline cracking.
If you can generate an input which satisfies an md5 comparison which results in being able to authenticate with a system, then I think debating if that is a “crack” or not is purely semantic.
Although you are for sure technically right, I think any actually observed md5 collisions are with very large inputs, many orders of magnitudes longer than a password. The smallest input (first found, almost certainly) is almost certainly what the original password was.
Eh, sorry, but you cannot crack hashes. At best you can come up with a strong that generates the same hash, but finding the exact original value won’t happen, that’s not how hashes work, that is not how anything works.
Each hash output value in principle can have an infinity of different inouts that lead to that output. Because of that, hashes are a one way street
Having said that, are you telling me that a properly salted hash using a modern algorithm like argon2id, or just even plain sha256, can be “cracked” in 14 days? I’m going to go ahead and say “no”
In my comment, '“cracking” referred to finding a password that matches the hash. That’s common nomenclature. The found password doesn’t have to be the original password but it’s rather likely at the string lengths involved, especially since Kaspersky used a dictionary to back the attack.
Also, you wouldn’t use a hashing function where a large number of inputs of a usual password length turn into the same hash. That would just make all passwords weaker. The point of hashing a password is to store something that (ideally) uniquely matches the correct password but can’t be used to easily derive the password.
The factor of 1000 I gave was a very rough ballpark number. I couldn’t find any good comparison between the actual throughput of MD5 and bcrypt or Argon2. And yes, a single round of SHA256 would be cracked quickly; it’s much less work-intensive than Argon2 and even has dedicated hardware acceleration in modern CPUs. Argon2 with a high work factor is vastly more resistant than MD5 and SHA256.
Also, salting doesn’t protect against brute force and enhanced dictionary attacks. The salt is stored with the password so the attacker knows it. It only protects against rainbow tables. Pepper protects against offline cracking.
If you can generate an input which satisfies an md5 comparison which results in being able to authenticate with a system, then I think debating if that is a “crack” or not is purely semantic.
Although you are for sure technically right, I think any actually observed md5 collisions are with very large inputs, many orders of magnitudes longer than a password. The smallest input (first found, almost certainly) is almost certainly what the original password was.