I dislike circuit breakers.
And unsalted md5 was work of the previous owner, the new owner immediately added salt to md5 (while preparing a new site).
Someone know the exact rules of password to claim account? I am making more and more absurd passwords, 20 character long and using characters that I never used before (And I am not likely to remember) and it still say my password is not secure enough.
Do you also dislike accounts being hacked and a good chunk of the bitcoin economy being sold off in five minutes? Which one do you dislike more, because a circuit breaker that automatically stops trading if the market moves by, e.g. more than 5% in 30 minutes (which has probably never happened except yesterday) would have stopped this whole fandango after just a few thousand dollars worth of coins were sold, instead of millions.
"avoid using the MD5 algorithm in any capacity. As previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use" [
US-CERT]. Salted MD5 is as close to useless as unsalted, using md5 for password hashes on a large banking site handling millions of dollars of other peoples money is incredibly negligent and utterly incompetant.
I had to include Caps, punctuation, a number, and make it almost 20 characters long before mtgox accepted my new password.