
I've got people in IRC telling me that MD5+rot13 is good enough, or to just use some SHA implementation. This was after I'd already espoused how trivial bcrypt was.

Seriously, there are people in here that don't understand the difference between encryption and hashing, don't understand the benefit of salts, think that there (is/should be) one "secure" salt.

The load of just absolutely false security information in here is startling.



Hm, I'd like to know more about why MD5+rot13 is good enough and also why they justify "good enough" over what could be argued as a "good" or perhaps very good solution, e.g. bcrypt?


The only thing MD5+rot13 would have going for it is that you couldn't just trivially google the hashes to get the reversal (as is the case in a disturbing number of cases). Of course this only lasts as long as they don't figure out that it's MD5+rot13.. I'd give that about 5 minutes tops.
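An added example, not written by anyone in this thread: it shows that the rot13 layer has no key, so removing it leaves the plain unsalted MD5 digest and two users with the same password store the same value. A per-password salt with a slow hash avoids both problems. PBKDF2 from the Python standard library stands in for bcrypt here (bcrypt needs a third-party package), and the iteration count, function names and sample password are assumptions made for this example.

```python
import codecs
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def md5_rot13(password: str) -> str:
    """The scheme from the thread: MD5 hex digest passed through rot13."""
    digest = hashlib.md5(password.encode()).hexdigest()
    return codecs.encode(digest, "rot13")


def undo_rot13(stored: str) -> str:
    """rot13 has no key; applying it again returns the plain MD5 digest."""
    return codecs.decode(stored, "rot13")


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hash; a fresh random salt per password."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], key)


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    a, b = md5_rot13(pw), md5_rot13(pw)
    print("md5+rot13 identical for two users:", a == b)
    print("rot13 removed equals plain MD5:",
          undo_rot13(a) == hashlib.md5(pw.encode()).hexdigest())
    (s1, k1), (s2, k2) = hash_password(pw), hash_password(pw)
    print("salted hashes identical for two users:", k1 == k2)
    print("verification succeeds:", verify_password(pw, s1, k1))
```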



