I’m not sure I understand the question: most places where you try a password you don’t get an offline MD5-speed oracle. So two ways: it’s faster than say cracking a PBKDF2 dump, and it’s offline, unlike, I dunno, a web password prompt.
You’re right that you can imagine passwords that you still can’t enumerate. But suggesting that people have a non-reused memorized 120 bit password is, uh, optimistic.
Or it's just their local password with keychain-integrated ssh-agent so they never type anything. I think the chances of that (which is sort of the premise of this post) are much, much higher.
A password manager is not 'normal' but it's common enough that you shouldn't be classifying it as negligible to conclude that these passwords are worse than nothing.
Also the 120 bits was an example and a good amount more than necessary. A 12 character password isn't exactly standard but it's not ridiculous to expect. Once you exclude the passwords that are so bad even bcrypt can't save them, the number of users where the password algorithm makes a difference starts to look a lot smaller than 100%.
I wasn't sure I did understand the attack vector correctly and if there are some known vulnerabilities that make cracking this MD5 approach faster than brute-force.
In other words I wanted to know, if my SSH keys with md5 algorithm are fine, if I use a high entropy pw (which I do, especially for my ssh keys).
Sure some people will use short and reused passwords for ssh keys, but the persons using password protected ssh keys are way more informed about security than your average user. Password statistics are usually based on pw database leaks of your average user and/or sites that are not worth protecting.
There is an interesting short paper about password meters (I'm traveling without a laptop right now, but can link it later) that found out people cared more about the strength of their password, if the login it's protecting is more important.
Combining these two points I think the percentage of ssh key users that use at least 12 character passwords is rather high, but of course I have no evidence. I spoke however about prod pws with some devs at my company and the answers ranged from 12 to ~20 chars and completely randomized 40 chars in pw managers. Nothing especially short. You can also copy your ssh key pw from a pw manager.
You still make a good point in your article and using MD5 is not ideal, but I was missing information for the evaluation of risk I'm in. High enough entropy passwords seem not only better than plaintext, but actually still safe to me when MD5 is used.
Why not use a decent work function and not have to remember so many chars? I'm keeping track of >20 high complexity passwords that mostly rotate regularly, and my brain is full.
Anyway, it doesn't matter that your password is ygGucg,guc52f when your colleague's is bigbum99.
If you have so many passwords, why not use a password manager?
Also there are some ways to create memorable and long passwords. E.g. I'm using short pictureable phrases and their translation in another language, sometimes adding a numeral if required. Example: "2YellowChopsticksZweiGelbeEssstäbchen" (even with spaces if allowed)
Very easy to remember for me, very high entropy, decent entropy if the pattern is known and requires a hand-crafted dictionary attack that even needs decent translation. E.g. in the example above chopsticks has two common German translations and the ä can also be written ae. Bonus points if you use it for a language you are currently learning.
The passwords are on different systems, you sit at a console. You have to change them regularly. I can use long DICEWARE style passwords for SSH, but I'd rather just have it use scrypt.
Though I have thought of having a mechanical typing device, actuators for each key, that would just type them for me. But it would be conspicuous.
I do use keepass for all the hundreds of other passwords where possible.