Security fundamentals course - strong objections to Ashley Madison story time?
David A. Wheeler
I propose adding to the fundamentals security course an example
using Ashley Madison. You can see the proposed text here:
The full story is far more complex, and I'm no fan of their business model.
However, it's a *really* good example of the problems of using MD5
to store passwords instead of more appropriate solutions like bcrypt or argon2id.
So I'd like to include it, but I'd like to hear from others.
--- David A. Wheeler