17 Dec
2003
17 Dec
'03
11:17 p.m.
Dan Bailey writes:
No, but they're doing something that makes me very uncomfortable: As I read this, they're hashing the password and some other user information using MD4 then doing some proprietary permutations on that. Given their record with security, I'd rather they used straight MD4, rather than throwing in something that we can't analyze.
MD4 has been broken. I thought that was common knowledge. MD5 is still safe, of course. Perry