- This topic has 1 reply, 2 voices, and was last updated 1 week, 1 day ago by
.
-
Posts
-
I just want to ask out of curiosity, what are the advantages using the MD5 hash in API calls? If an attacker steals the MD5 hash, they can use it directly in API requests without reversing it. Or in this way avoids issues with special characters that might not be allowed in an API request?
Because it’s undesirable to store and use plaintext password. Worse than a stolen MD5 hashed password would be if the attacker obtains your plaintext password and can log in to your other accounts. It’s not possible to recover your plaintext password from its MD5 hash. This is similar to how Linux stores user passwords — it never stores the plaintext password, it only stores a hashed version, so if someone obtains the hash, at least they won’t be able to get the plaintext password and use it to log into your other accounts.
- You must be logged in to reply to this topic.