[cryptography] Adobe confirms customer data breach

Solar Designer solar at openwall.com
Fri Nov 23 01:22:50 EST 2012

On Mon, Nov 19, 2012 at 02:19:22AM -0500, Jeffrey Walton wrote:
> Has anyone come across a paper on how to migrate an existing database
> with, for example, unsalted MD5 hashes, to something more appropriate
> for 2012? Naively, I don't see why MD5(password) cannot be an input to
> an improved system. That is, MD5(password) is just a pre-processing
> step to a system built with cryptographic legos.

It can be, and that's what e.g. Drupal 7 did for upgrading raw MD5
hashes of Drupal 6 and below.  They're prefixing the encodings of such
upgraded hashes with a "U", so that they do not have to include the MD5
step when setting new passwords.

Now, I'd like to use this opportunity to refer to the slides from my
latest two conference talks, with the topic being password hashing
setups for Internet companies with millions of users (and passwords):


In the first one of these, I focus on comparison of existing hash types
(PBKDF2 vs. bcrypt vs. scrypt and a bit more) and on possible use of
specialized hardware for defense (HSMs and YubiHSM in particular, GPUs,
Xeon Phi, FPGAs).

In the second one, I focus on getting the maximum out of standard server
hardware - making use of tens of gigabytes of RAM and SSDs to make
offline attacks slower.

Here are the corresponding reddit comment threads:



More information about the cryptography mailing list