inejge / pwhash

A collection of password hashing routines in pure Rust
MIT License

Remove MD5 hash #9

Closed spacekookie closed 6 years ago

spacekookie commented 6 years ago

I really don't think this crate should even offer people to use it with MD5 hashes. They're insecure and shouldn't ever be used for password hashing.

The same could maybe be said for SHA-1 too but that's more debatable...

inejge commented 6 years ago

I agree that MD5 shouldn't be used for new passwords (and the same really goes for everything in the library except bcrypt), but my principal use case for the crate is verification of passwords against existing hashes on seriously obsolete systems where using anything more modern is infeasible.

Since the library is due for a refresh, I could mark all ancient *::hash() fns as deprecated, with an appropriate exhortation. I'm going to leave this issue open until I do so.

inejge commented 6 years ago

Version 0.2.0 has just been published with those deprecations, so I'm closing the issue.
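The following is an added example, not part of the thread and not code from pwhash: it triages stored crypt(3)-style hashes so that legacy schemes are verified only and scheduled for re-hashing, following the maintainer's comment that only bcrypt is suitable for new passwords. The `Scheme` enum, the function names and the shadow-style sample lines are constructed for illustration, and the code does not call the crate.

```rust
// Added example: triage crypt(3)-style hashes into "keep" vs "verify, then re-hash".
#[derive(Debug, PartialEq)]
enum Scheme { Bcrypt, Sha512Crypt, Sha256Crypt, Sha1Crypt, Md5Crypt, BsdiCrypt, UnixCrypt, Unknown }

// Constructed shadow-style lines; the hash fields are placeholders, not real hashes.
const SAMPLE: &str = "\
alice:$2b$12$CONSTRUCTEDSALTANDHASHVALUE:19000:0:99999:7:::
bob:$1$saltsalt$CONSTRUCTEDHASH:15000:0:99999:7:::
carol:ab0123456789.:12000:0:99999:7:::
dave:!$6$saltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
erin:$6$saltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
";

/// Identify the scheme from the hash string's prefix or shape.
fn scheme_of(hash: &str) -> Scheme {
    if ["$2a$", "$2b$", "$2y$"].iter().any(|p| hash.starts_with(*p)) { Scheme::Bcrypt }
    else if hash.starts_with("$6$") { Scheme::Sha512Crypt }
    else if hash.starts_with("$5$") { Scheme::Sha256Crypt }
    else if hash.starts_with("$sha1$") { Scheme::Sha1Crypt }
    else if hash.starts_with("$1$") { Scheme::Md5Crypt }
    // BSDi extended DES: '_' + 4 rounds chars + 4 salt chars + 11 hash chars.
    else if hash.starts_with('_') && hash.len() == 20 { Scheme::BsdiCrypt }
    // Traditional DES crypt: 2 salt chars + 11 hash chars, no '$' prefix.
    else if hash.len() == 13 && !hash.starts_with('$') { Scheme::UnixCrypt }
    else { Scheme::Unknown }
}

/// Accounts whose hash should only be verified, then re-hashed with bcrypt.
/// Locked ('!' or '*') and empty password fields are skipped; Unknown is reported for review.
fn needs_migration(shadow: &str) -> Vec<(String, Scheme)> {
    shadow.lines().filter_map(|line| {
        let mut fields = line.split(':');
        let (user, hash) = (fields.next()?, fields.next()?);
        if hash.is_empty() || hash.starts_with('!') || hash.starts_with('*') {
            return None;
        }
        match scheme_of(hash) {
            Scheme::Bcrypt => None,
            legacy => Some((user.to_string(), legacy)),
        }
    }).collect()
}

fn main() {
    for (user, scheme) in needs_migration(SAMPLE) {
        println!("{}: {:?} -> verify only, re-hash with bcrypt at next login", user, scheme);
    }
}
```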