

Compromising the integrity of the npm registry - adambrault
http://andyet.net/blog/2012/mar/8/compromising-the-integrity-of-the-npm-registry/

======
JoachimSchipper
Quote: "It took only 24 hours using an old spare machine to crack 25% of the
passwords. Very little effort or CPU power." Time for another "use bcrypt",
methinks.

~~~
evilpacket
CouchDB has an open ticket on this very issue, which is part of the problem.
The other part is the fact that they have really nonsensical configuration
defaults.

<https://issues.apache.org/jira/browse/COUCHDB-1060>

