Secure Hashing of Passwords
Numerous breaches happen every day due to security vulnerabilities. On this blog, I have previously analyzed some of the biggest breaches that have been made public. All of them serve as a testament to the inadequate security many companies employ.

The Time it Takes to Crack a Hash

I often get asked: "How long does it take to crack an MD5 hash?" The question implies that the cryptographic hash algorithm is the most important factor, which is rarely the case. It actually depends on a couple of factors, which I've ordered in descending importance below:

1. The length of the password
2. The charsets used in the password
3. The amount of hardware you have
4. The methodology you use for cracking

Secure Passwords

Password length alone is not enough; you also have to use a good charset to control the search space hackers have to go through. Let's make an example to show how much the search space changes:

Charset = a-z, A-Z, 0-9
Length 6: (26+26+10)^6 = 56.800.235.584
Length 7: (...
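The search-space calculation above, generalized as an added example that is not part of the original post: it infers the charset from the classes a password uses, counts the candidates a brute-force run has to walk, and converts that to time. The function names, the symbol set (`string.punctuation`) and the guess rate are assumptions made for illustration.

```python
import string

# Character classes a brute-force search has to cover.
CLASSES = {
    "lower": string.ascii_lowercase,  # 26
    "upper": string.ascii_uppercase,  # 26
    "digit": string.digits,           # 10
    "symbol": string.punctuation,     # 32 (assumed symbol set)
}

def charset_size(password):
    """Size of the union of all classes the password draws from."""
    known = "".join(CLASSES.values())
    unknown = [c for c in password if c not in known]
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def search_space(size, length):
    """Number of candidates of exactly `length` characters."""
    return size ** length

def cumulative_space(size, max_length):
    """Candidates of every length from 1 to max_length, as a full sweep tries them."""
    return sum(size ** n for n in range(1, max_length + 1))

def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second

if __name__ == "__main__":
    RATE = 10**10  # assumed guesses per second, not a measured benchmark
    for label, size in (("a-z, A-Z, 0-9", 62), ("plus symbols", 94)):
        for length in (6, 8, 10):
            space = cumulative_space(size, length)
            days = seconds_to_exhaust(space, RATE) / 86400
            print(f"{label:14} len<={length:2}  {space:.3e} candidates  {days:12.2f} days")
```

Each extra character multiplies the space by the charset size, while widening the charset only raises the base, which is why length sits first in the ordering above.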