Break my hash

I have had enough of hearing incorrect claims about just how insecure MD5 is for hashing passwords. Truth is that as of 2016 the only need for using anything stronger than MD5 to protect passwords is in order to protect weak passwords.

If a password is strong enough it can be protected by plain MD5 without salting or hashing and still remain secure for now. And it will likely remain secure for years to come.

To support my point I have hashed an email address using a variety of common algorithms and published the hashes of this email address in the table below. I offer a cash prize of 100 euro to the first person to send an email to this address before the end of the decade.

MD5 417d1fa69b325ca176cb2ce6737fa2f4
SHA1 1f2389f24893104eeaa5fc6e32f9ec2913d65847
SHA224 ef192a5484dd01d4bc2819e950ea9152af64731d7ff74b14e1448534
SHA256 dc6fbf67b33c3c2e31c0491babec57deab700c9674c450e636eb0451efd5932a
SHA384 601ed5cbff4231f42eb58e0b0a96d4209f8370018fff136c12ac4895cf8db849152d1ad7bb13d3f88656720a48dc221c
SHA512 8f539a7708dd2221b6fa993a238671c010b6b35c833c56362a3a16c19b4b1984d6ec028ae8b991a0d8f7dbcf9bfcc97eef7132296517c074b907132ab007a44c
crypt MD5 $1$fezFrfXL$ZCz3P/5YLr4P0BKLQ8MoC/
crypt SHA256 $5$fezFrfXL$B1HUlxYEsX9jVnycSDLL60blMNAkD5zpWcH.rViuXh4
crypt SHA512 $6$fezFrfXL$w89bXU2XaroL0urx7ZLcuQKSFfZiXwV.Jql84ww6nUvuqq5.U.YQtghTwuWo5yMqOWrptCQxOM24vEOr.jFMS0

Does this mean that plain MD5 is an acceptable way to protect passwords? Of course not. It does however mean that if a plain MD5 of a password is brute forced, then the service provider and the user are both responsible for the password leak. The service provider is responsible for not using a stronger hash. The user is responsible for not using a stronger password.

Any system in use today should at the very least use a salted SHA2 hash for all new passwords. Anything weaker than that is irresponsible.

As for iterated hashing it will often be a compromise between two separate security aspects. Many iterations will be good for protecting passwords against brute force but bad for protecting your server against DoS attacks. Judge for yourself which of the two threats is more significant to you.
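The trade-off above, as an added example (not code from the original post): one password check costs the server exactly what one guess costs an attacker, so raising the iteration count slows both. PBKDF2-HMAC-SHA256 from Python's standard library stands in for iterated salted SHA2; the record format, the iteration cap and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

SCHEME = "pbkdf2-sha256"      # label made up for this example's record format
MAX_ITERATIONS = 2_000_000    # assumed cap: refuse records that would stall a worker


def hash_password(password: str, iterations: int, salt: bytes = b"") -> str:
    """Return 'scheme$iterations$salt_hex$hash_hex'; a random salt is used if none is given."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False              # malformed record
    if scheme != SCHEME or not 1 <= iterations <= MAX_ITERATIONS:
        return False              # never run an unbounded work factor
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def seconds_per_check(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall time for one verification on this machine."""
    stored = hash_password("constructed sample password", iterations)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        verify_password("wrong guess", stored)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    # The same figure bounds attacker guesses and legitimate logins per core.
    for n in (1, 1_000, 100_000, 600_000):
        cost = seconds_per_check(n)
        print(f"{n:>7} iterations: {cost * 1000:8.2f} ms per check, "
              f"about {1 / cost:,.0f} checks/s per core")
```

The checks-per-second column is also the ceiling on login attempts one core can absorb, which is why unauthenticated login endpoints need rate limiting once the iteration count is high.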

Much better protection of passwords than we have today would be possible if a new protocol were used to verify passwords. The server should never see the password, and the CPU-intensive parts of the calculation should happen on the client side.