Name: Anonymous 2018-05-31 18:51
ITT we discuss web security.
Don't use shitty short passwords? You only need 20 characters (0-9a-zA-Z) to reach 128 bits of security.when you have to use 56789 different passwords with 242475889 different retarded rules about what constitues a valid password, some of them will end up short and shitty unless your're are using a password manager. but that has some usability-related caveats too.
In fact, if your hashed password has been leaked, what is the point of protecting the actual password? Chances are that the rest of the information about your account have been leaked and tampered with. This is why you should use public key authentication instead.most places on the internet and even on the corporate intranets don't use pubkey though. mym'am SSH on a remote server does, but how many things accessible through a browser have that option?
Meanwhile MD5 is totally safe for things like self-signed certificates and password hashing. It is also safe if used with any algorithm that only needs preimage resistance such as Ed25519 or SPHINCS(+).