Free open source CMS for designers
Out of context: Reply #14
- 15 Responses
- acescence0
"but the lookup would have to run on the md5 hash so only when the data is exposed is this a problem, it's not exposed"
tell that to everyone who has had their databases compromised. it's happened to several people here alone. users reuse passwords. if I get your data, I can potentially own your users elsewhere. look at what just happened to Gawker. it happens, it's easy enough to not be the point of failure, so what's the harm in a few more lines of code? if you insist on continuing to use md5, at least salt the passwords with a unique string and make rainbow attacks near impossible. this is security 101, your failure to grasp this is troubling. should I poke around the code some more?
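An added example, not part of the original thread or the CMS's code: it contrasts unsalted MD5 with a per-user random salt, and it swaps in PBKDF2-HMAC-SHA256 for the salted hash rather than salted MD5. The sample accounts, function names and iteration count are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample accounts: two users who picked the same password.
SAMPLE_USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "Tr0ub4dor&3"}
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def unsalted_md5(password: str) -> str:
    """Unsalted scheme: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digest_groups(table: dict[str, str]) -> list[list[str]]:
    """Accounts whose stored value is identical, as visible in a leaked table."""
    groups: dict[str, list[str]] = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables(users: dict[str, str] = SAMPLE_USERS):
    """Build the stored-credential column under both schemes."""
    md5_table = {u: unsalted_md5(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    salted_table = {u: (s + d).hex() for u, (s, d) in salted.items()}
    return md5_table, salted_table, salted
```

With unsalted MD5, identical passwords are visible as identical rows and one precomputed table covers every account; with a per-user salt each stored value is unique, so precomputation has to be redone per account.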