DAILYHOSTNEWS, October 23, 2011 – Despite encrypting databases, small businesses are leaving customer data open to hackers. Research has shown that even long passwords can be cracked in a few seconds.
Testing by hosting specialist UKFast has revealed that using the industry-standard hashing algorithm MD5 to protect data still allows a seven-character password (of lowercase letters and numbers) to be cracked in 7 seconds. If a more secure encryption method such as SHA-256 were used, it would take up to seven times longer to brute-force the same password.
The tests call into question the security of customer data stored by SMEs, who often do not have the luxury of in-house IT teams or the technical knowledge to properly secure their customer databases.
In his remarks, Neil Lathwood, technical director at UKFast, explained: “Many small companies are trying to protect their customer data on their own or outsourcing their IT and relying on the skills of another company to secure their customer data. What these companies may not be aware of is that some methods of encryption are significantly less secure than others.”
“With the emergence of brute force password cracking using Graphics Processing Units (GPUs) for extra firepower, the need for strong encryption algorithms has become more important than ever. The MD5 algorithm is so weak that no one should be using it as their only encryption method – a normal PC without the extra GPU firepower could even crack the MD5 code.”
Lathwood further explained that “Using an encryption method like SHA256 rather than MD5 would still allow the hacker to decrypt the information but it takes significantly longer. For example, a seven-character password (of any digit, letter or symbol) would take 1 hour, 40 minutes to crack when encrypted with MD5 but would take 12 hours, 53 minutes when encrypted with the SHA256 method.”