noems: <@cynosure> simply "... attacked the md5(lc($username)..lc($pass)) and md5(lc($username)...lc($pass..email..yada) tokens ..." noems: WTF. Ashley madison used bcrypt, but then concated the result with the login plaintext and put the bundle through md5. noems: <md5> kick out the jams, muthafukas. noems: yup. ramba, lamba, fa-fa-fa. noems: or something. they use bcrypt, but also md5 the plaintext... for good measure. noems: however, i can't see these guys getting sued. much. noems: This better not be an ad.