On Tue, Apr 21, 2015 at 9:02 PM, Paul Wouters <paul@xxxxxxxxx> wrote: > On Tue, 21 Apr 2015, l.wood@xxxxxxxxxxxx wrote: > >> Despite the existence of RFC6151... >> >> http://www.loginwall.com/Solutions.php > > > 6151 only talks about MD5 Message-Digest and the HMAC-MD5. > > It does not include "MD5 encryption" :) > > Paul For this particular application, MD5 is not the weakest link in the chain, nor are the weaknesses in MD5 actually relevant. I would not use MD5 in any application simply because there are alternatives that don't require detailed explanation of why they are safe. But I am pretty sure that unless we are talking about machine generated passwords, an attack on MD5 is going to have a much higher workfactor than brute forcing the password space.