Minds / engine

mirror of https://gitlab.com/minds/engine
https://minds.com
GNU Affero General Public License v3.0

Use SHA256 for __elgg_session #18

Closed porthorian closed 3 years ago

porthorian commented 6 years ago

Changed md5 hash to sha256.

Serkan-devel commented 6 years ago

Who came up with the idea to explicitly use md5 for hashing? It's even referenced in the whitepaper. I don't think I need to tell why md5 is insecure.

porthorian commented 6 years ago

I was a little surprised when I saw that, tbh. After all, it is a decentralized social network.

markharding commented 6 years ago

md5 is used here as it is just a very lightweight unique id for the server side session. There's not really any security issue with using md5 here as there aren't really any attack vectors such as brute force attacks that would really do anything.

Passwords are hashed with bcrypt.

Serkan-devel commented 6 years ago

Fair enough

porthorian commented 3 years ago

Stale, not needed.