MD5 is already compromised


MD5 is already compromised

Polazhenko
nice tool, but using MD5 is not a good idea

http://en.wikipedia.org/wiki/MD5

US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"[9] and most U.S. government applications will be required to move to the SHA-2 family of hash functions after 2010.[10]

Re: MD5 is already compromised

ChrisSGP
Administrator
The most important ways in which MD5 has been compromised are in the development of collision attacks and in the proliferation of rainbow tables. Neither, to my knowledge, has any bearing on SuperGenPass and its use of MD5. If you feel differently, I would welcome further discussion here. Thanks.

Re: MD5 is already compromised

Barry Kelly
The biggest problem with using MD5 is that it's too fast to calculate. MD5, SHA1 etc. are all designed to be as fast as possible. That's not what you want in a password hashing algorithm; you want calculating the hash to be as slow as the user can reasonably put up with, without any shortcuts.

More details here: http://codahale.com/how-to-safely-store-a-password/

Re: MD5 is already compromised

Buntaro
I believe the MD5 'weakness' isn't quite applicable here.

The cracker must know that your resulting password was actually generated by SGP, and wasn't created manually and stored in something like 1Password, which you can't tell just by looking at the generated password.

So the fact that you use SGP should currently be kept secret. This is indeed a weakness of SGP -- once the cracker knows for sure that SGP was used, he can brute-force the resulting password.

Re: MD5 is already compromised

Daniel
Isn't the fact that you have to keep your algorithm secret kind of a serious problem?

Re: MD5 is already compromised

ChrisSGP
Administrator
Hear ye, hear ye: I use SuperGenPass! Keeping this a secret is not a significant security advantage, and one should not feel comforted by it.

A far, far, far more important strategy is the use of a strong master password. As discussed above, MD5 makes SGP vulnerable to brute-force attacks if the attacker obtains one of your generated passwords (and the domain for which it was generated).

Your master password should be at least as complex as the passwords generated by SGP. Ten case-insensitive alphanumerics provides 8.4 × 10^17 permutations, which would take 380 years to run through using the supercomputer referenced in Barry's link. Ideally, it should be more complex; symbols and special characters would take cracking right out of the realm of contemplation.

Remember, SGP is not a shortcut to security, it is a shortcut to complexity. Don't blow it with a weak master password!

Re: MD5 is already compromised

Kyle
The hash itself becoming compromised is almost certainly /not/ the weakest part of the system. You are much more likely to have your master password stolen due to keyloggers/malware, JavaScript attacks, or (in the case of a single password) the site itself being hacked or subpoenaed. Nevertheless, MD5 /is/ a broken algorithm. It's very fast to compute in brute force attacks. Software such as Whitepixel is able to achieve 33.1 billion hashes per second on a consumer GPU, and FreeRainbowTables has something like 3TB worth of precomputed hashes available. Certain weaknesses in the algorithm also allow adversaries to eliminate large spans of possibilities before beginning an exhaustive attack.

What an attacker would have to do in order to brute force the hash is try possible master passwords by running them through the same SuperGenPass process as you used (which involves hashing and base64 encoding it, at least 10 times, etc.), until it matches the password you used on the site.

Hashes like SHA-256 and SHA-512 are more secure both because they have fewer weaknesses in the algorithm that can allow the outcome to be predicted, and because they are slower to calculate. Key stretching methods can be applied to any hashing algorithm in order to slow down the computation process, and salt can be added in order to thwart rainbow table attacks. JavaScript implementations of the SHA family of hashes are readily available on the internet, and could be placed in SuperGenPass with little effort. Although the current MD5 found in SuperGenPass is probably sufficient for most people, there really seems to be no reason not to switch over to a more secure algorithm within SuperGenPass.

Whitepixel: http://blog.zorinaq.com/?e=43
FreeRainbowTables: http://www.freerainbowtables.com/en/tables2/
Key Stretching: https://en.wikipedia.org/wiki/Key_stretching
Salt: https://en.wikipedia.org/wiki/Salt_%28cryptography%29
JS SHA implementations: https://code.google.com/p/crypto-js/ http://www.webtoolkit.info/javascript-sha256.html http://www.bichlmeier.info/sha256.html (and many more)
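As an added illustration (not code from the SuperGenPass project or from anyone in this thread) of the brute-force cost Kyle describes and of the keyspace arithmetic behind ChrisSGP's estimate, here is a Python model of an iterated-MD5 derivation like the one the post describes, a key-stretched alternative, and a cost calculator using the 33.1 billion hashes/s figure quoted above. The derivation functions, the use of the domain as salt, and the sample inputs are assumptions made for the example.

```python
import base64
import hashlib

# Rate quoted in Kyle's post: roughly 33.1 billion MD5 hashes per second on one consumer GPU.
MD5_HASHES_PER_SEC = 33.1e9
SECONDS_PER_YEAR = 365 * 24 * 3600


def sgp_like(master: str, domain: str, rounds: int = 10, length: int = 10) -> str:
    """Simplified model of the process the post describes (an assumption, not SGP's
    exact code): MD5 the master:domain string, base64 the digest, repeat `rounds` times."""
    data = f"{master}:{domain}".encode()
    for _ in range(rounds):
        data = base64.b64encode(hashlib.md5(data).digest())
    return data.decode()[:length]


def stretched(master: str, domain: str, iterations: int = 100_000, length: int = 10) -> str:
    """Key-stretched alternative (assumed design): PBKDF2-HMAC-SHA256 with the domain
    acting as the salt, so one guess costs `iterations` HMAC rounds instead of ten MD5 calls."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(), iterations)
    return base64.b64encode(key).decode()[:length]


def brute_force_years(alphabet_size: int, length: int, hashes_per_guess: int,
                      rate_per_sec: float = MD5_HASHES_PER_SEC) -> float:
    """Worst-case years to exhaust every master password of the given alphabet and length,
    treating each hash call as one unit of work at `rate_per_sec`. An HMAC-SHA256 round
    costs more than an MD5 call, so for the stretched design this is a lower bound."""
    keyspace = alphabet_size ** length
    return keyspace * hashes_per_guess / rate_per_sec / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed inputs; the master password and domain are only samples.
    print(sgp_like("correct horse battery", "example.com"))
    print(stretched("correct horse battery", "example.com"))
    for label, cost in (("10 x MD5", 10), ("100k x PBKDF2", 100_000)):
        print(f"{label}: 8-char alnum {brute_force_years(36, 8, cost):.2e} y, "
              f"10-char mixed-case alnum {brute_force_years(62, 10, cost):.2e} y")
```

Ten MD5 rounds add only a factor of ten to the attacker's work, while the iteration count of a stretched design is a tunable multiplier that the defender chooses.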

Re: MD5 is already compromised

ChrisSGP
Administrator
I will offer SHA-512 as an advanced option in the next version of SGP. However, it will be hidden by default. I do not want to complicate compatibility with an overflow of parameters.