Board: Pools
Topic: Re: BTC Guild - 0% Fees, Long polling, SSL, JSON API, and more [~2000 gH/sec]
by kodess on 20/06/2011, 06:58:05 UTC
With all the layers it is almost irrelevant, but is the hash MD5 or something considered secure? MD5 has been deemed inferior for quite a while now. It sounds like you use some unique way to make the salt and key very difficult to determine, and that implies encryption and not a one way hash like MD5 or SHA1. So, I am afraid that I did not quite follow what was hashed and stored in the database. Clearly running a lot of crypto and getting a hash of the result for every login would be expensive, so that is why I ask.

The weaknesses in MD5 are largely overhyped.  It is still just fine when used in a salted + iterated password hash system.  Even shitty old DES would be fine in this system, if not for the tiny keyspace.
Don't want to start a fight about password encryption types... but MD5 was not created to encrypt passwords... it was created to check data integrity. Don't forget the beautiful brute-force rainbow tables you can download.

Personally I always use SHA256, which is barely decent.

I don't really care how BTCGuild encrypts my password... I can easily recover my account via eleuthria, as I log in with only 2 IPs :P
And the password is some random string generated by LastPass.
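
The exchange above contrasts a bare fast hash, which downloadable precomputed tables can reverse, with a "salted + iterated" scheme. The sketch below is an added example, not part of the original post and not BTC Guild's code. It uses PBKDF2-HMAC-SHA256 from Python's standard library, and the function names, iteration count and wordlist are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen only for this example

def unsalted_md5(password):
    """Bare, unsalted, single-pass hash: the weak storage form."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup_table(wordlist):
    """Precomputed digest -> password map, a tiny stand-in for a rainbow table."""
    return {unsalted_md5(word): word for word in wordlist}

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted + iterated record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16) if salt is None else salt  # fresh salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    _scheme, iterations, salt_hex, dk_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))

def table_lookup(table, stored):
    """Return the password if the stored digest is in the precomputed table."""
    return table.get(stored.split("$")[-1])

# Constructed sample data: a small list of common passwords.
WORDLIST = ["123456", "password", "letmein", "bitcoin"]
TABLE = build_lookup_table(WORDLIST)

if __name__ == "__main__":
    weak = unsalted_md5("bitcoin")
    print("unsalted lookup:", table_lookup(TABLE, weak))      # recovered
    rec_a = hash_password("bitcoin")
    rec_b = hash_password("bitcoin")
    print("salted lookup:  ", table_lookup(TABLE, rec_a))     # None
    print("same password, different records:", rec_a != rec_b)
    print("verify ok:", verify_password("bitcoin", rec_a))
```

The salt makes a precomputed table useless and gives two users with the same password different records; the iteration count is what raises the cost of each guess against a leaked database.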