Project talk:Backups

Don't make password hashes public! The scale of the badness depends on whether you are using salted password hashes, or plain MD5 password hashes. The difference is that with the salted ones, a hacker would only be able to extract the weak passwords with a few weeks of processing time, whereas with the old hashes he would be able to get even some strong passwords, if you had a few thousand users. -- Tim Starling 11:39, 4 Dec 2003 (GMT)
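The difference described in the comment above, as an added example that is not part of the original comment: it counts how many MD5 computations are needed to check a weak-password list against a dump of unsalted versus per-user-salted hashes. The accounts, the weak-password list and the salt scheme (user id prefixed to the password) are constructed assumptions for illustration, not the wiki's actual data or hashing code.

```python
import hashlib
from collections import defaultdict

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_hash(salt, pw):
    # Assumed scheme: empty salt means plain MD5, otherwise md5("<salt>-<password>").
    return md5_hex(f"{salt}-{pw}") if salt else md5_hex(pw)

# Constructed accounts (name, password) and weak-password list. Not real data.
USERS = [("alice", "sunshine"), ("bob", "sunshine"),
         ("carol", "T4k!9vQz-rare"), ("dave", "letmein")]
WEAK = ["123456", "letmein", "password", "sunshine"]

def build_dump(users, salted):
    """Return {name: (salt, hash)} as it would appear in a leaked user table."""
    dump = {}
    for uid, (name, pw) in enumerate(users, start=1):
        salt = str(uid) if salted else ""
        dump[name] = (salt, stored_hash(salt, pw))
    return dump

def shared_hashes(dump):
    """Groups of users whose stored hashes are identical (equal passwords leak)."""
    groups = defaultdict(list)
    for name, (_, h) in dump.items():
        groups[h].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit(dump, candidates):
    """Return (md5_calls, weak_users) for checking candidates against the dump."""
    by_salt = defaultdict(dict)
    for name, (salt, h) in dump.items():
        by_salt[salt][name] = h
    calls, weak = 0, set()
    # The candidate list is hashed once per distinct salt. An unsalted dump has
    # one (empty) salt, so a single hash per guess covers every user at once.
    for salt, entries in by_salt.items():
        for cand in candidates:
            calls += 1
            guess = stored_hash(salt, cand)
            weak.update(n for n, h in entries.items() if h == guess)
    return calls, sorted(weak)

if __name__ == "__main__":
    for label, salted in (("plain MD5", False), ("salted", True)):
        dump = build_dump(USERS, salted)
        print(label, audit(dump, WEAK), "shared:", shared_hashes(dump))
```

With unsalted hashes the number of MD5 calls stays at the size of the candidate list no matter how many users are in the dump; with per-user salts it grows with the number of users.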