Thibault Fevry added the comment: Still, I believe letting people know password hashes is not very good practice, since every known website when they have have a security issue and have a risk that their database passwords hashes stolen ask their users to reset them. Sure it makes it *hard* and perhaps impossible given your hash/salt combination but it could not remain like that forever (md5 was once considered quite secure).
_______________________________________________________ PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za> <http://psf.upfronthosting.co.za/roundup/meta/issue520> _______________________________________________________ _______________________________________________ Tracker-discuss mailing list Tracker-discuss@python.org http://mail.python.org/mailman/listinfo/tracker-discuss
