60% of MD5 password hashes are crackable in under an hour | Poal: Say what you want.

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2026 Poal.co

660

•

60% of MD5 password hashes are crackable in under an hour (www.theregister.com)

Archive: https://archive.today/7jMut

From the post:

>It’s World Password Day, and there’s really no better way to celebrate than with news that a majority of supposedly secure password hashes can be cracked with a single GPU in less than an hour, some in less than a minute. Using a dataset of more than 231 million unique passwords sourced from dark web leaks - including 38 million added since its previous study - and hashing them with MD5, researchers at security firm Kaspersky found that, using a single Nvidia RTX 5090 graphics card, 60 percent of passwords could be cracked in less than an hour, and a full 48 percent in under 60 seconds. Sure, that’s not exactly your run-of-the-mill desktop graphics processor given its price, but it highlights an important point: It takes surprisingly little to crack the average password hash. Aspiring cybercriminals don’t even really need their own 5090, Kaspersky notes, as they can easily rent one from a cloud provider and crack hashes for a few bucks.

Archive: https://archive.today/7jMut From the post: >>It’s World Password Day, and there’s really no better way to celebrate than with news that a majority of supposedly secure password hashes can be cracked with a single GPU in less than an hour, some in less than a minute. Using a dataset of more than 231 million unique passwords sourced from dark web leaks - including 38 million added since its previous study - and hashing them with MD5, researchers at security firm Kaspersky found that, using a single Nvidia RTX 5090 graphics card, 60 percent of passwords could be cracked in less than an hour, and a full 48 percent in under 60 seconds. Sure, that’s not exactly your run-of-the-mill desktop graphics processor given its price, but it highlights an important point: It takes surprisingly little to crack the average password hash. Aspiring cybercriminals don’t even really need their own 5090, Kaspersky notes, as they can easily rent one from a cloud provider and crack hashes for a few bucks.

[–] • 2 pts

There's a reason MD5 isn't used much anymore. Personally, I prefer SHA-512. Yeah, it will use more CPU cycles. So be it. We have fuck-huge CPUs. Not sure if there's a better one out yet, but that's what I usually go with for hashing.

link

[–] • 1 pt

Adding rounds to the hashing algorithm is what can make passwords effectively uncrackable. If it costs 1 second of CPU time to test a password even a GPU could take thousands of years to find a match. Some algorithms even let you increase the memory cost of running them. That is the big killer. A GPU can’t run thousands of iterations per second if each iteration requires 100 MB of RAM.

The problem is that you cannot control the algorithm strength on online services that you use. You’re lucky if some of the software out there even encrypts your password.

Speaking of idiots:

Passwords should be paired with a second factor, preferably biometric, said Gunner, because it’s the most difficult for hackers to bypass.

No. Never use biometrics. They will be cracked and then your access is forever open because you cannot your biometrics.

parent
link

[–] • 1 pt

Right, good luck changing your fingerprint. I tried that once. Hurt like hell.

parent
link