On Wed, Jun 13, 2012 at 2:31 PM, Nikita Popov <nikita....@googlemail.com> wrote:
> Hi internals!
>
> Recent incidents have shown that even very large websites still don't
> get how to do password hashing properly. The sha1 hashes used by
> Linkedin et al can be easily cracked even by amateurs without special
> hardware.
>

LinkedIn was using sha1?! Are you fucking serious?? I think it's time for me to change my password there to something I'm *not* using anywhere else lol.

At this rate, tomorrow are we going to learn that Gmail uses md5 and that Facebook passwords are stored in plaintext files under the HTTP root?....

Anyway, BIG +1 on this RFC!

--Kris