0

If I have two different MD5 password hashes with two different salts (the salts are known), is there any way to cryptographically deduce if the two passwords match? Other than brute force password cracking, that is.

Jonas Bjork
  • I'm voting to close this question as off-topic because it is about cryptography, not server-admin. This question may be suited for the Cryptography SE site (https://crypto.stackexchange.com/), but check with their question requirements before posting. – MrWhite Jun 26 '18 at 10:44
  • Brute force password checking with MD5 is so fast the *functional* answer here is "yes, with fairly minimal time/resources". Use a better hashing algorithm. – ceejayoz Jun 26 '18 at 16:32

1 Answer

1

It's obviously not possible. The salts are used mainly so that your question could be answered: NO, the attacker knowing a pool of passwords and their hashes (and their salts) cannot easily cross-check my hash.

kubanczyk
  • This answer, IMO, is functionally inaccurate because a pretty decent MD5 rainbow table can be generated in a matter of hours for any particular salt for a few bucks on AWS. – ceejayoz Jun 26 '18 at 16:53
  • @ceejayoz Multi-VPS is "brute force" which OP specifically excluded from the question. – kubanczyk Jun 26 '18 at 17:40
  • Which is a silly exclusion. Brute forcing bcrypt will take you millennia. Brute forcing MD5 takes minutes. – ceejayoz Jun 26 '18 at 17:47
  • Preventing exactly this is the entire reason for salts. – David Schwartz Jun 26 '18 at 19:45
  • @DavidSchwartz Yes, but a weak algorithm like MD5 means salting doesn't really save you. You can generate a custom rainbow table for the salt quickly enough as to still heavily compromise the security. The hard rule is *don't use MD5 for password hashing*. Period. – ceejayoz Jun 27 '18 at 01:45
  • @ceejayoz Scratching my head over your comments and a downvote, as you have twice my reputation here. I regarded rainbow tables as an example of brute force approach, but it looks like I could be wrong about that categorization. I think it's best for OP to clarify. I *do* understand that brute force *will* be quick if you have a weak hash, really. – kubanczyk Jun 27 '18 at 10:45
  • @kubanczyk Rainbow tables are a brute-force approach, yes. I'm pointing out people frequently *incorrectly* believe that salting MD5 makes it safer. The *speed* at which MD5 can be brute-forced makes brute-forcing a valid approach. Any "is MD5 safe if you do foo" question really needs an answer of "it is **never safe to use MD5 for password hashing, no matter what you do**". There's no real point discussing it beyond that. – ceejayoz Jun 27 '18 at 13:17
  • I'm sorry but I don't buy it. Sure, MD5 is not considered a secure MAC and there are issues regarding collisions etc. BUT it's not as insecure as you guys make it sound. MD5 provides 127 bits of security. That means that if you use a good password and your CPU tries 100k attempts per second, then it will take 5.4e25 years to successfully crack the password. – Jonas Bjork Jun 27 '18 at 22:42
  • @kubanczyk ^--- – Jonas Bjork Jun 27 '18 at 22:44
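
Added example, not part of the original thread or any poster's code: it shows in Python that independent salts make the same password produce unrelated stored digests (the answer's point), and measures how cheap one salted-MD5 guess is next to a deliberately slow hash (the comments' point). The `salt || password` layout, 16-byte salts, sample password and PBKDF2 work factor are assumptions; PBKDF2 from the standard library stands in for a slow password hash such as the bcrypt named in the comments.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your own hardware


def salted_md5(password: str, salt: bytes) -> bytes:
    """Weak scheme from the question; the salt || password layout is an assumption."""
    return hashlib.md5(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """Deliberately slow KDF: PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def verify(password: str, salt: bytes, stored: bytes, scheme=slow_hash) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scheme(password, salt), stored)


def seconds_per_guess(scheme, rounds: int) -> float:
    """Average wall-clock cost of one guess against one salted hash."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"guess-{i}", salt)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample: two accounts, same password, independent random salts.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    hash_a = salted_md5("correct horse", salt_a)
    hash_b = salted_md5("correct horse", salt_b)
    print("stored digests equal:", hash_a == hash_b)  # the salts hide the match
    print("verify account A:", verify("correct horse", salt_a, hash_a, salted_md5))
    md5_cost = seconds_per_guess(salted_md5, 100_000)
    kdf_cost = seconds_per_guess(slow_hash, 3)
    print(f"salted MD5: {1 / md5_cost:,.0f} guesses/s on one Python thread")
    print(f"PBKDF2:     {1 / kdf_cost:,.1f} guesses/s on one Python thread")
```

The guesses-per-second figures are for a single interpreted thread on the machine that runs the script; they are useful as a ratio between the two schemes, not as an absolute cracking rate.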