vulnerabilities in password hashing

Question

The Python code attached receives the hash function of an input string (for example, the user's password) and generates a 156-bit Hash using MD5.What vulnerabilities that make password hashing unsuitable can exist in this code.

#
from Crypto.Hash import MD5
import binascii

def hash(msg):

# pad message to 16 bytes
if len(msg) < 16:
    msg = msg + (16 - len(msg)) * 'A'
    
# pick first 16 bytes
msg = msg[:16]

# converts message to upper case
msg = msg.upper()

# create MD5 objects
h1 = MD5.new()
h2 = MD5.new()

# hash two parts of message separately
h1.update(msg[:8])
h2.update(msg[8:16])

# concatenate the two hashes
h = h1.digest() + h2.digest()
return h

# print message
print(binascii.hexlify(hash("Hello, this is a great passphrase, and I am 
wondering if anyone can crack it")))

Answer 1

There has been a password handling protocol in Windows called LM (LAN Manager) that had similar flaws to what we see here. I kind of feel like solving a quiz question you were supposed to do yourself... but since I enjoy it, who cares.

Going from the top:

1. Padding is ok.
2. Picking first 16 bytes is not ok. You should never reduce the entropy.
3. Cutting in two is not ok. It's much easier to brute force 8 characters than 16 characters.
4. Upper-case is not ok. Reduces the entropy again.
5. MD5 is not ok for crypto purposes any more.

I think this is it.