Earlier this week I was looking into RESTFUL web services and how to create them, so I set myself a small project. The idea was to do something very basic, but that could be useful for someone rather than just a proof of concept. i had no real direction. With the news recently being about Apple locked in a battle with the FBI about whether or not they should be breaking their security for the FBI to access data on a particular iPhone, I started thinking about how much bad security I have seen in software applications over the years. From this, I decided to build a web service which would take a hash string, and provide the original string for that hash where possible.
I've implemented that now, and the fruits of that can be found over on my Reverse Hash (no longer available) page. It's not massively elegant, and I'm already planning version 2 of the API where it's seriously refactored.
All too often we hear about websites which have been hacked and had their user details stolen, and then that information is available for the world to see. Even if the passwords have been hashed in some basic manner, it's only a matter of time until they are revealed. Some could be millennia, others could be a couple of minutes. What's even more worrying is that despite these repeated security compromises, there's a huge abundance of questions on Stack Overflow where people are using the MD5 hash to "secure" their passwords. Questions like this one, this other one, and the answer to this one. There's one I found on a quick search where they are, at least, double MD5ing, and using a form of salt. That's a bit better, but still not great.
Why are common hashing functions such as md5() and sha1() unsuitable for passwords?
Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.
Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing.
How trivial is it to actually brute force the passwords? Well I've been running through some generation scripts for a few days on really unoptimised code, and an old Intel i7 processor, as well as building a list of hashes from some leaked password dumps easily found online only through this week, and I currently have 12.25 million unique hashes with zero collisions so far (I wasn't expecting any). If a site you use utilises a simple MD5 or SHA1 hash to secure your password and their database is compromised, your password may be discovered by someone visiting my reverse hash page. You therefore need a much better password than you currently have!
If you are a developer and are using SHA1 or MD5 as your hash, try running a few passwords through the reverse hash page. Some of the passwords might well be simple 'password' or 'abc123' types, but they could be something a lot more complex or with a length which makes people think they are secure. They aren't, and you shouldn't be using the algorithms you are. Change your system security!
Security is an often talked about item, but a very little understood part of development which people think is easy. Good security isn't always easy, but it's certainly worth the effort in the long run. Do it properly!