We recently posted about the VTech hack, in which millions of user account details were stolen from the Chinese toymaker. We noted that account passwords were hashed using MD5, making it easy to retrieve passwords.
The BBC has just posted an article giving further details, confirming that a weak hashing algorithm was used, and giving a good explanation of why this is little better than storing passwords unencrypted.
We discussed this some months ago, noting the importance of using a password "salt" - a known series of bytes that is appended or prepended to the password prior to hashing. If every password uses a different salt, precalculated "rainbow" tables for hashing algorithms cannot be used, meaning much more CPU time is required to reverse engineer passwords.
Password salts aren't enough, though, because MD5 is now considered to be broken - even with salts it isn't too hard to retrieve passwords. SHA-2 (also known as SHA-256) is much better, but there's a far superior solution, known as PBKDF2.
PBKDF2 uses a supplied hash (such as SHA-1 or SHA-256) as part of its algorithm. But instead of hashing the combination of salt and password once, PBKDF2 performs the process thousands of times. Consequently, it is thousands of times slower than a single hash. This slowness is not significant when it comes to a user logging in and verifying their password, but it makes the process of reverse engineering passwords impractical.
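The per-password salt and iterated hashing described above, as an added Python example that is not part of the original post and is not CompleteFTP's code: `pbkdf2_block` writes out the PBKDF2 loop for one SHA-256 output block, while `hash_password` and `verify_password` use the standard library's `hashlib.pbkdf2_hmac`. The function names, the record format, the 100,000 iteration count, the 16-byte salt and the 10,000,000 iteration ceiling are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16       # assumed salt length; a fresh random salt per password

def md5_unsalted(password: str) -> str:
    """The weak baseline: one fast hash, identical for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First 32-byte block of PBKDF2-HMAC-SHA256, written out to show the loop."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):  # each round feeds the previous output back in
        u = hmac.new(password, u, hashlib.sha256).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(32, "big")

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count; reject malformed records."""
    try:
        scheme, count, salt_hex, dk_hex = record.split("$")
        iterations = int(count)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256" or not 1 <= iterations <= 10_000_000:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

if __name__ == "__main__":
    a, b = hash_password("letmein"), hash_password("letmein")  # constructed input
    print(md5_unsalted("letmein") == md5_unsalted("letmein"))  # same digest every time
    print(a != b, verify_password("letmein", a), verify_password("guess", a))
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing passwords.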
Ideally PBKDF2 with SHA-256 should be the standard for password hashing - an iterative process that uses a robust hash algorithm. There may come a time when companies are sued for using anything less. CompleteFTP uses PBKDF2 with SHA-256 from version 8.5.0.
Update: apparently someone has been arrested by police investigating the hack.