Unsecure Passwords Just Got More Unsecure, Cracking Them Now Even Faster

A new method of cracking passwords hashed with SHA-1 (Secure Hash Algorithm) made the relatively unsecured algorithm even less secure by greatly decreasing the time and computing power necessary to crack it. The news came out of the Passwords^12 conference in Oslo, Norway, which focused on password and PIN code security. It might be a good time to change your password, or more importantly change the way your passwords are stored.

Recommended Videos

The SHA-1 is an algorithm that converts the text of a password like “GlenIsCool” into a long string of numbers and letters that look like this “39c395450e543c7d2a6caed5eac2f73a7ae591ca.” This allows passwords to be stored in a more secure way than just a list of the actual passwords. The purpose of a hash algorithm is that it should be impossible to convert “39c395450e543c7d2a6caed5eac2f73a7ae591ca” back to “GlenIsCool” mathematically. To crack the hash, a computer would input random passwords into the same algorithm until it got a hash that matched the one generated by the real password.

In theory, that makes for a very secure storage option, but when 6.5 million password hashes were stolen and released from LinkedIn in June, a security researcher needed only six days to crack 90% of the list. The new method of cracking SHA-1 makes it even faster.

Officially there are 1,448 steps for converting a password to an SHA-1 hash, and the lower hackers can get that number, the faster they can crack the hash to get the password. The number had already been reduced to 868 using special equipment and techniques. The new method by Jens “Atom” Steube, developer of the Hashcat password recovery program, announced at Passwords^12 lowers the number even further to 734 — nearly half the official number.

The hashes generated are stored by whatever service you find yourself logging into. There are, of course, other, more secure algorithms being used today, but SHA-1 is still hanging on. It comes down to how much you trust an online service with protecting your password with a secure algorithm.

Oh, also, “GlenIsCool” is my real password. Please don’t tell anyone. I know I can trust you, Internet.

(via Ars Technica, image via Dev.Arka)

Relevant to your interests


The Mary Sue is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
related content
Read Article Photoshop’s Updated Terms of Use Have Everyone Upset About Privacy and AI
Headache, night and a business woman in the office with burnout or neck pain during overtime work. Stress, deadline and pressure with a young employee in the professional workplace on a dark evening
Headache, night and a business woman in the office with burnout or neck pain during overtime work. Stress, deadline and pressure with a young employee in the professional workplace on a dark evening
Headache, night and a business woman in the office with burnout or neck pain during overtime work. Stress, deadline and pressure with a young employee in the professional workplace on a dark evening
Read Article ChatGPT Voice That Sounds Like Scarlett Johansson in ‘Her’ Shut Down Following Backlash
joaquin phoenix wearing glasses with a mustache in her
joaquin phoenix wearing glasses with a mustache in her
joaquin phoenix wearing glasses with a mustache in her
Read Article Surprising No One, All 3,878 of Elon Musk’s Cybertrucks Are Being Recalled
Elon Musk during a T-Mobile and SpaceX event
Elon Musk during a T-Mobile and SpaceX event
Elon Musk during a T-Mobile and SpaceX event
Read Article ‘Mamma Mia!’ Star Sara Poyzer Says a BBC Production Replaced Her With AI
Sara Poyzer performs at the Magic at the Musicals event in 2019
Sara Poyzer performs at the Magic at the Musicals event in 2019
Sara Poyzer performs at the Magic at the Musicals event in 2019
Read Article In Moment of Unbelievable Irony, Midjourney Accuses Stability AI of Image Theft
Spider-Man pointing at another Spider-Man, who is pointing back.
Spider-Man pointing at another Spider-Man, who is pointing back.
Spider-Man pointing at another Spider-Man, who is pointing back.
Related Content
Read Article Photoshop’s Updated Terms of Use Have Everyone Upset About Privacy and AI
Headache, night and a business woman in the office with burnout or neck pain during overtime work. Stress, deadline and pressure with a young employee in the professional workplace on a dark evening
Read Article ChatGPT Voice That Sounds Like Scarlett Johansson in ‘Her’ Shut Down Following Backlash
joaquin phoenix wearing glasses with a mustache in her
Read Article Surprising No One, All 3,878 of Elon Musk’s Cybertrucks Are Being Recalled
Elon Musk during a T-Mobile and SpaceX event
Read Article ‘Mamma Mia!’ Star Sara Poyzer Says a BBC Production Replaced Her With AI
Sara Poyzer performs at the Magic at the Musicals event in 2019
Read Article In Moment of Unbelievable Irony, Midjourney Accuses Stability AI of Image Theft
Spider-Man pointing at another Spider-Man, who is pointing back.
Author
Glen Tickle
Glen is a comedian, writer, husband, and father. He won his third-grade science fair and is a former preschool science teacher, which is a real job.