|Re: [jetty-dev] Can someone please shed some light on the security of password hashing offered in jetty?|
What i said was that finding a collision of an MD5 does nothing to help an attacker find the actual password. I think that point still stands, right?
Clearly just applying an MD5 to a plain password isnt sufficient.
But my understanding is that Digest (which uses MD5) hashed
passwords have never been retrieved from a database breach. Happy
to be corrected if anyone knows otherwise...
On 20/02/17 16:46, Edmond Kemokai wrote:
Back to the top