[problemdomain]

The question of password hashing does not concern a password, it concerns passwords. This is a textbook case of being unable to see the forest for the trees. I'm actually astounded by how closely the idiom matches this case.

A simple MD5 hash is "about as bad as plaintext" because the vast majority of passwords will be trivially cracked if it's used, not because any one password will be cracked in a trivial timeframe.

masklinn was speaking against this background. You've created a whole other background that just isn't relevant to the real world issue of password hashing.

> Aside: I'm intrigued why you created a separate account just to press this position.

I created an account so I'd have one to respond to your comment with. The choice of name does not mean it's specific to this discussion, it was simply inspired by it. Again, you focus on an individual detail to the detriment of the big picture.

[pbhjpbhj]

>Again, you focus on an individual detail to the detriment of the big picture. //

Ostensibly the difference here is that you're looking from the administrative side (it appears) and I'm looking from the user's side.

As for "again". Surely using your regular account makes for a bigger picture as I could see where you're coming from, your general demeanour, your desire to argue incessantly around the point whilst not broaching the point itself, that sort of thing. From your side the choice of name as specific may well be "the big picture" but from anyone else reading the discussion you've removed a lot of out-of-band information that could be pertinent. Which to be honest makes me chuckle as you accuse me, probably rightly in this instance, of narrow focus.

>A simple MD5 hash is "about as bad as plaintext" because the vast majority of passwords will be trivially cracked if it's used //

With plaintext all passwords will be "cracked" in zero time. With MD5 good passwords will be expensive to crack. ROT-13 is about as bad as plaintext. MD5 IMO is better to a point that this claim was exaggeration.

So we'll go straight to the rub - you disagree that there was any exaggeration in that initial statement?

[problemdomain]

> I'm looking from the user's side

From the user's side, proper password storage practices mean your passwords are far less likely to be compromised.

> Surely using your regular account

Uh, and what "regular account" would that be? You assume much, but know little.

> you disagree that there was any exaggeration in that initial statement?

Yes.

[pbhjpbhj]

>proper password storage practices mean your passwords are far less likely to be compromised //

Indeed and considering I'm using 20 char mixed passkeys if they're hashed with md5 then they'll take zillions of times longer to reveal than plaintext ... oh wait, no they won't because plaintext is about as bad as plaintext - and you appear to believe that is from any perspective ...

So go on, 3 days must be plenty of time to read something that's about as bad as plaintext at remaining unread.

>You assume much, but know little. //

There is nothing certain, not even this. However pyrhonic absolutism gives sway to pragmatism in general conversation.

So, what, never post on HN, create a new account for each thread, enter comments direct to the db using a morse key ... what? I'd hardly call the assumption that you had an account that you used in the normal way to be massive.