trollin what a long strange trip
DOTA 2 looked cool so I tried it and after ten minutes decided MOBA is the lamest subgenre of that lamest of all genres, real-time strategy. Good thing it sucked or I might have used their forums at some point.
The chat forums for Valve’s multiplayer fantasy battle game thing Dota 2 have been hacked, it appears. The security breach – which apparently happened on 10 July but has only just come to light via Leaked Source – exposed more than 1.9 million account records containing email addresses, IP addresses, usernames and passwords. …
MD5 is not worse than anything else for hashing passwords, as long as you add a large salt to prevent rainbow table attacks:
Two real reasons for not using MD5 for hashing the salted passwords are: 1) it's too fast; 2) public relations, as said here: Why do people still use/recommend MD5 if it is cracked since 1996?
Your correct statement about MD5 being too fast and unsalted aside (because that also goes for the SHA family), I would still stay away from MD5 for a non-technical reason: Public Relations. It's a drag to have to convince your boss or client of what you explain. And tons of technical guys (whose opinions are valued by the same people you are trying to convince) are also deluded. After all, there is plenty of 'proof' on the internet that supports their conviction that MD5 should not be used because it was broken in 2004.
For the details, see also this excellent answer:
How to securely hash passwords?
Yep, read it!
For those who thought TL;DR, the conclusion is nicely summed up:
Use bcrypt. PBKDF2 is not bad either. If you use scrypt you will be a "slightly early adopter" (not really true today as this was written like five years ago, would personally recommend scrypt).
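An added example, not part of any post in this thread: a minimal sketch of moving salted MD5 records to scrypt at login time, since a correct login is the only moment the plaintext is available to re-hash. The record formats, function names and cost parameters are assumptions made for illustration; nothing here reflects how the Dota 2 forum actually stored passwords.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed cost parameters for this example; raise N as far as login latency allows.
N, R, P, DKLEN, MAXMEM = 2**14, 8, 1, 32, 64 * 1024 * 1024


def _scrypt(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          dklen=DKLEN, maxmem=MAXMEM)


def hash_password(password: str) -> str:
    """Return 'scrypt$N$r$p$salt$hash' with a fresh 16-byte random salt."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, N, R, P)
    return "$".join(["scrypt", str(N), str(R), str(P),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def legacy_md5_record(password: str, salt: bytes) -> str:
    """Constructed legacy format: 'md5$salt_hex$md5(salt + password)'."""
    return "md5$%s$%s" % (salt.hex(), hashlib.md5(salt + password.encode()).hexdigest())


def verify(password: str, stored: str) -> Tuple[bool, bool]:
    """Return (password_ok, needs_rehash) for either record format."""
    scheme, *fields = stored.split("$")
    if scheme == "md5":
        salt_hex, expected = fields
        actual = hashlib.md5(bytes.fromhex(salt_hex) + password.encode()).hexdigest()
        ok = hmac.compare_digest(actual, expected)
        return ok, ok  # every valid legacy login should be upgraded
    if scheme == "scrypt":
        n, r, p = (int(x) for x in fields[:3])
        salt, expected = (base64.b64decode(x) for x in fields[3:5])
        ok = hmac.compare_digest(_scrypt(password, salt, n, r, p), expected)
        return ok, ok and (n, r, p) != (N, R, P)  # re-hash if parameters changed
    return False, False


def login(password: str, stored: str) -> Optional[str]:
    """Return the record to keep (upgraded if needed), or None on failure."""
    ok, needs_rehash = verify(password, stored)
    if not ok:
        return None
    return hash_password(password) if needs_rehash else stored
```

Storing the parameters inside each record is what lets the work factor be raised later without a flag-day reset.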
I like Valve. I've always felt that Half-Life (the original) was the best computer AI ever developed. I love Steam. I feel it's the best software-vending platform in existence.
And now this. I am disappointed, Valve. Clean up your procedures, NOW. You're better than that.
“Businesses need to understand that hackers are utilising ever-more sophisticated tools and techniques, and basic encryption barely represents a challenge. Instead, they must adopt technology that provides robust encryption, scrambling individual packets of data at source, and incorporating granular access controls and policy management.”
Pretty incoherent. What do "scrambling individual packets of data at source" and "basic encryption barely represents a challenge" even mean?