So not only does the plaintext password completely eliminate any security offered by storing the MD5 hash (and there isn't much there), it actually provides attackers with a tool that could be used to help crack passwords from other sites. There is no need to try to figure out what that MD5 hash value corresponds to - if it appears in the database detailed at Have I Been Pwned, then you can just look it up.
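The point above in runnable form, as an added example that is not code from the original post: an audit that flags rows where a plaintext column sits beside its own unsalted MD5, next to a salted replacement record where the same password no longer produces the same stored value. The sample rows, function names and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample rows (user, plaintext column, md5 column) mimicking the
# flawed layout the post describes. Not real data.
SITE_A_ROWS = [
    ("alice", "correct horse", hashlib.md5(b"correct horse").hexdigest()),
    ("bob", "hunter2", hashlib.md5(b"hunter2").hexdigest()),
]

def md5_hex(password: str) -> str:
    """Unsalted MD5: a pure function of the password, identical on every site."""
    return hashlib.md5(password.encode()).hexdigest()

def audit_redundant_plaintext(rows):
    """Return users whose plaintext column hashes to their stored MD5 column."""
    return [user for user, plain, digest in rows if md5_hex(plain) == digest]

def make_record(password: str, iterations: int = 600_000) -> dict:
    """Replacement record: per-user random salt, PBKDF2-HMAC-SHA256, no plaintext.
    The iteration count is an assumed work factor; tune it for your hardware."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])

if __name__ == "__main__":
    print("rows with redundant plaintext:", audit_redundant_plaintext(SITE_A_ROWS))
    # The same password hashed anywhere else yields the stored digest again,
    # which is why a leaked (plaintext, MD5) pair is reusable across sites.
    print("MD5 equal across sites:", md5_hex("hunter2") == SITE_A_ROWS[1][2])
    a, b = make_record("hunter2"), make_record("hunter2")
    print("salted records equal:", a["hash"] == b["hash"])
    print("verify ok:", verify("hunter2", a), "| wrong password:", verify("hunter3", a))
```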