ZDNet

A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Some of the projects that use MD5 as the default method for storing user passwords include WordPress, osCommerce, SuiteCRM, miniBB, SugarCRM, CMS Made Simple, MantisBT, Phorum, Observium, and X3cms.
Ars Technica

Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in ...
Computerworld

Making a hash of passwords

After so many high-profile data breaches, it’s time developers learned that storing passwords is a really bad idea. And there is a perfectly workable alternative. Last week, I went to a project ...
CSOonline

Hashing explained: Why it’s your best bet to protect stored passwords

Hashing is a one-way cryptographic function while encryption is designed to work both ways. Encryption algorithms take input and a secret key and generate a random looking output called a ciphertext.