>websites using MD5 to verify files.

>>59219875
>Website doesn't even have any hash or gpg verification

>>59219875
using pgp to verify a file instead requires being able to spread your public key in a safe, trustworthy way. For websites, pgp verification is broken from the start.

File: 1486548381326.jpg (29KB, 283x164px) Image search: [Google]

29KB, 283x164px

>>59219875
I still use md5 to hash passwords.

>>59219951
If you put your full key fingerprint on the website, you can. Sadly, most don't.

>>59219875
You're panicking over something that isn't a real threat any time soon. Sure, let's keep ahead of the curve, but not at the expense of looking like a jackass.

>>59219990
And how do we know for sure the information posted on the website wasn't verified? Https somewhat assures transit security, but what about server-side break-ins?

>>59220013
*wasn't altered / is genuine

>>59219987
>1997
>wasting time hashing instead of storing in plaintext

>>59220013
You can't unless you get it from them in person, but having the full key and fingerprint on the website is the next best thing.

>>59220013
Going by this logic you can never trust a key unless you get it in person from the fully ID' owner, and even then you can find weak spots. At some point you gotta take a risk, and full key + fingerprint is good enough, esp. if you have Certificate Pinning/OCS stapling up

File: secret password.jpg (6KB, 600x400px) Image search: [Google]

6KB, 600x400px

>>59220031
>not storing passwords in jpg files

>>59220133
>having a password at all

What, you have something to hide?

>>59220211
Mark, why are you posting as anonymous?

>>59220211
This. No one ever thinks of trying to leave the password field blank when hacking your account.

>>59220255
We should write passwords in unicode whitespaces and unprintable control chars!

>>59220133
my grandmother writes down passwords too, but she uses a physical book.