A password of 20 random ASCII characters has more than 130 bits of entropy. Such a password cannot be cracked, even if MD5 is used. His password either was not random at all, or someone stole it from him (keylogger, note, etc.).
By the way, SHA2 is not really slower than MD5 at all. It is even designed to be fast. The cracking of passwords is hard because of the exponential search space, not because of the algorithm speed. 128 bits are impossible to brute force, so even MD5 is safe in this regard. It is vulnerable to collision attacks, but that does not help with password cracking.
Because of this, KDF slowdown is snake oil for many applications. The complexity of the password is more important than the slowdown of the KDF function. However, it makes a practical difference, so your recommendations are still valid for disk and file encryption.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
Date: 2023-04-18 11:59 am (UTC)
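The arithmetic behind the comment above, worked through as an added example that is not part of the original comment: password entropy, the expected exhaustive-search time, and the number of bits a KDF slowdown is worth. The guess rate, the slowdown factor and the two shorter password classes are constructed assumptions, not measurements.

```python
import math

PRINTABLE_ASCII = 95                      # printable ASCII, space included
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(length, alphabet_size=PRINTABLE_ASCII):
    """Entropy of a secret whose symbols are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def kdf_bits(slowdown):
    """Search cost, in bits, added by a KDF that costs `slowdown`
    fast-hash evaluations per guess."""
    return math.log2(slowdown)

def expected_years(bits, guesses_per_second, slowdown=1):
    """Expected exhaustive-search time: half the space on average."""
    guesses = 2 ** (bits - 1)
    return guesses * slowdown / guesses_per_second / SECONDS_PER_YEAR

# Constructed assumptions for illustration only.
FAST_HASH_RATE = 1e11   # guesses per second against a single fast hash
KDF_SLOWDOWN = 1e6      # KDF cost relative to one fast hash

# Only the last class comes from the comment; the others are for contrast.
CASES = [
    ("8 random lowercase letters", entropy_bits(8, 26)),
    ("4 random words, 7776-word list", entropy_bits(4, 7776)),
    ("20 random printable ASCII", entropy_bits(20)),
]

def report():
    """Rows of (name, bits, years with fast hash, years with KDF)."""
    return [
        (name, round(bits, 1),
         expected_years(bits, FAST_HASH_RATE),
         expected_years(bits, FAST_HASH_RATE, KDF_SLOWDOWN))
        for name, bits in CASES
    ]

if __name__ == "__main__":
    print(f"KDF slowdown is worth {kdf_bits(KDF_SLOWDOWN):.1f} bits")
    for name, bits, fast, slow in report():
        print(f"{name:32s} {bits:6.1f} bits  "
              f"fast hash: {fast:9.3g} y   KDF: {slow:9.3g} y")
```

Under these assumptions the slowdown is worth about 20 bits whatever the password, so it changes the outcome only for the low-entropy rows.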