[thisacctforreal]

Note that a it’s an entirely different story with a “real” kdf like scrypt or bcrypt.

MD5 and SHA are specifically designed to be fast to compute, they shouldn’t be used for passphrases.

Figured I’d bring it up in case there’s still PHP floating around with the once-typical practice of MySQL + MD5.