View Single Post
Old 2009-06-23, 06:58   #3
lavalamp
 
lavalamp's Avatar
 
Oct 2007
London, UK

1,297 Posts
Default

Quote:
Originally Posted by soda View Post
At least pass the passwords as an MD5 checksum to the server this way it won't matter if it's passed in the url or not
Yes it will, since MD5 is broken, and SHA-1 is on shaky ground having had a significant theoretical break. SHA-512 or Whirlpool would be good though, and then a move to SHA-3 in 2012.
lavalamp is offline   Reply With Quote