Monday, September 2, 2019

Best practice meets worst practice

from here

For all the good XKCD did in teaching people to use passphrases, they went and cancelled it out by using MD5 to hash them with. MD5 has been deprecated for over 20 years, and it was never good for passwords.

Thanks to Have I Been Pwned for raising awareness of both the breach and the bad practice.