>websites using MD5 to verify files.
>>59219875
>Website doesn't even have any hash or gpg verification
>>59219875
Using pgp to verify a file instead requires being able to spread your public key in a safe, trustworthy way. For websites, pgp verification is broken from the start.
>>59219875
I still use md5 to hash passwords.
>>59219951
If you put your full key fingerprint on the website, you can. Sadly, most don't.
>>59219875
You're panicking over something that isn't a real threat any time soon. Sure, let's keep ahead of the curve, but not at the expense of looking like a jackass.
>>59219990
And how do we know for sure the information posted on the website wasn't verified? Https somewhat assures transit security, but what about server-side break-ins?
>>59220013
*wasn't altered / is genuine
>>59219987
>1997
>wasting time hashing instead of storing in plaintext
>>59220013
You can't unless you get it from them in person, but having the full key and fingerprint on the website is the next best thing.
>>59220013
Going by this logic you can never trust a key unless you get it in person from the fully ID'd owner, and even then you can find weak spots. At some point you gotta take a risk, and full key + fingerprint is good enough, esp. if you have Certificate Pinning/OCSP stapling up.
>>59220031
>not storing passwords in jpg files
>>59220133
>having a password at all
What, you have something to hide?
>>59220211
Mark, why are you posting as anonymous?
>>59220211
This. No one ever thinks of trying to leave the password field blank when hacking your account.
>>59220255
We should write passwords in unicode whitespaces and unprintable control chars!
>>59220133
My grandmother writes down passwords too, but she uses a physical book.