Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

CRAM-MD5 and DIGEST-MD5 are terrible for exactly this reason; a similar argument is part of the reason nobody uses HTTP digest auth. Mitigating this vulnerability is part of the motivation for SRP, which is computationally hard to brute force and non-reversable.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: