@dkf said in Compromising MD5/SHA1 hashed passwords:
@Groaner said in Compromising MD5/SHA1 hashed passwords:
that still doesn't answer my question as to why application user account credentials are so valuable when the attacker already has the entire database
Because many people use the same username and password for many services. The breach in one place may allow an attack in another more valuable location, despite that other service following many more proper security practices.
This thread has wandered a bit off topic. The question is how you can get the original non-salted password brute-forced so you can reuse it on another service, like @dkf said here.
The original database that would have already been breached is irrelevant, as that's already a lost cause, but the damage can be extended by actually reusing a weak password that is weakly hashed on some other service, say, GMail or Hotmail, which gives you a lot more valuable data.
People are now crazy about using SHA-82938 or something else, but the question is: do MD5 and SHA-1 actually pose the kind of security issue for sane salted passwords that they would be as insecure as being in plain text? Can we actually attack them in that way and, if Moore's Law applies, how long would it take to get there?
Regarding the topic, because we assume salt we can rule out collisions, as it would be very unlikely to hit a collision of saltFoo when the actual salted plain text password was saltBar, so we do know when we find the real password by comparing the salt to the brute-forced string, and that's the real value of the attack.