top | item 7906623

(no title)

PLejeck | 11 years ago

Hummingbird already offers an API through Mashape, which is infinitely more thorough than any competitor's.

Additionally, MAL has lots of minor bugs, and how can you trust a site that hasn't been maintained in 5 years to store your password correctly? 2009 was a scary place.

This is pure speculation, but I wouldn't be surprised if MAL is storing passwords as MD5+salt. They do just email it to you in plaintext when you register.

And recovery is a 6 digit pin, which is totally plenty of entropy.

discuss

shaldengeki|11 years ago

I can confirm that at least as of 2012 or so they were storing passwords as a salted md5 hash. I did point out to a staff member that this was not a good idea and was brushed off, so I assume this hasn't changed since then.

jhenkens|11 years ago

You register and login over HTTP. I would bet they just store it in plaintext. But does it really matter with the first piece of information, how they store your password?

mijoharas|11 years ago

ughhhh. I find it so hard to understand that this is still a thing that happens on the internet nowadays.