#facestab chump Archives for 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015RSS

last updated at 2015-09-17 22:22

StackOverflow 2015 Developer Survey


noems: <@cynosure> simply "... attacked the md5(lc($username)..lc($pass)) and md5(lc($username)...lc($pass..email..yada) tokens ..."
noems: WTF. Ashley madison used bcrypt, but then concated the result with the login plaintext and put the bundle through md5.
noems: <md5> kick out the jams, muthafukas.
noems: yup. ramba, lamba, fa-fa-fa.
noems: or something. they use bcrypt, but also md5 the plaintext... for good measure.
noems: however, i can't see these guys getting sued. much.
noems: This better not be an ad.

Run by the Daily Chump bot.