3 comments

[ 0.18 ms ] story [ 15.2 ms ] thread
Quote: "It took only 24 hours using an old spare machine to crack 25% of the passwords. Very little effort or CPU power." Time for another "use bcrypt", methinks.
It looks like "security in deployment" (aka sane defaults) is a concept difficult to grasp for the CouchDB devs. I wouldn't expect this from a project that claims it is passed over version 0.x.