

Substandard crypto needlessly puts Evernote accounts at risk - radicaldreamer
http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/

======
pdubs
MD5? Unbelievable. I was relieved when I read salted and hashed on Evernote's
blog post, but trying to sell MD5 as even remotely secure is actively idiotic.
I'd rather get a "yeah we fucked up on the whole password storage thing" than
"yeah MD5 is secure". Give me a break...

~~~
gwern
I was particularly impressed that their Android client uses the ultra secure
XOR crypto scheme.

