Re: Idea for securityfix in HTML

> Yes, but a lot of systems use MD5 hashes in databases, for passwords by
> example.

Storing an MD5 hash in a database gives no security against compromises of
the password in transit; it also gives little real protection if the database
is compromised, given that most real life passwords are vulnerable to
dictionary attacks and MD5 is a fast algorithm compared with, say, the
original Unix hash.

Received on Saturday, 16 November 2002 06:10:26 UTC