Thread: Should we be worried?
View Single Post
10-01-2005, 03:01 PM
 #26
patrickPaul is offline patrickPaul
Status:
Join date: Dec 2004
Location: California, US
Expertise:
Software:
 
Posts: 406
iTrader: 1 / 100%
 

patrickPaul is on a distinguished road

Send a message via AIM to patrickPaul Send a message via MSN to patrickPaul Send a message via Yahoo to patrickPaul

  Old

Mickoc,

MD5 is not reversible in any sense. What's happening is people are making databases of passwords and hashes which others have provided. This isn't reversing them, but as long as people are able to create the has one-way, you can't stop someone from making such a database.

If it makes you feel better, for every character that you have in your passwords, in order to brute force your password there are 64^n possibilities (Meaning 64 to the nth power, n being your the number of characters). So if you have a 10 character password (Like I do for my secure sites) the hacker would have to go through 1152921504606846976 different hashes before they would've found mine. (Assuming 100,000 hashes a SECOND, that's still 365,589 YEARS). So pretty much as long as your password is more than 7 characters or so (500 days of computation), you are in the clear

PS: Don't EVER test those programs with your actual password since it will show you the hash AND save it in the database.

Regards,
Patrick