
Sending a hash is no different than sending a plain text password, because the attacker has complete control at their end and can just hack a client that sends that same hash even if they don't know the original password.


Would it not be an aid to users in cases where they are reusing the same password on multiple sites?
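Both points in this exchange, sketched as an added example that is not from either commenter: a client-side hash acts as the password for the site that accepts it, while a hash salted with the site name is useless on a second site where the same password is reused. The site names, the PBKDF2 parameters, and the `client_token` and `Site` helpers are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor, chosen only to keep the demo quick


def client_token(password: str, site: str) -> bytes:
    """Client side: derive a per-site value so the raw password is never sent."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), site.encode(), ITERATIONS)


class Site:
    """Server side: treats the received token as the credential and hashes it again."""

    def __init__(self, name: str):
        self.name = name
        self.users = {}  # username -> (salt, verifier)

    def _verifier(self, token: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", token, salt, ITERATIONS)

    def register(self, user: str, token: bytes) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, self._verifier(token, salt))

    def login(self, user: str, token: bytes) -> bool:
        if user not in self.users:
            return False
        salt, verifier = self.users[user]
        return hmac.compare_digest(self._verifier(token, salt), verifier)


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample, reused on both sites
    site_a, site_b = Site("a.example"), Site("b.example")
    for site in (site_a, site_b):
        site.register("alice", client_token(password, site.name))

    # The value that crosses the wire to a.example; the server cannot tell who sends it.
    captured = client_token(password, site_a.name)
    return {
        # First comment: the token is accepted without knowledge of the password.
        "same_site": site_a.login("alice", captured),
        # Reply: the same token is rejected where the password was reused.
        "other_site": site_b.login("alice", captured),
    }


if __name__ == "__main__":
    print(demo())
```

The server still runs its own salted hash over the received token, because that token is the value it has to protect at rest.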



