15

Developers overwrote default password storage algorithm PBKDF2 to MD5.

Comments
  • 3
    Don't know what PBKDF2 is but it sounds secure.
    Also, why the fuck would they use md5?
    I don't need sleep, I need answers.
  • 3
    Should have overwritten to argon2
  • 9
    @Ranchu so you can give them their password back when they lose it. Duh

    This reminds me of old times.

    Minecraft servers that were open for cracked people usually had an in-game password prompt. Young me thought it would work to lure the admin to my own server which had the same plugin but I changed the hashing algo to md5. Well he fell for it and signed on with the same credentials he used on his server where he was admin.

    This was all before Minecraft introduced UUIDs for players so I could easily change my name and use his pw to gain admin rights on the server.

    I didn't do any harm there. We had an argument about how secure that login is and he challenged me to gain access to his account. :D
  • 1
    @PublicByte really that exists? Wow I stopped actively playing at around 1.6. Not sure when they introduced me the UUIDs though.

    How easy is it to spoof a UUID? I doubt this works on servers that only allow legit accounts.
  • 1
    what year is it?
  • 0
    @PublicByte good to know.
  • 0
    @wannabe it is 2015+5;
  • 1
    @Ranchu you probably have seen it in WiFi settings of your router. But yeah, it's hard to find less secure hashing algorithms than MD5, especially unsalted it's like plain text
  • 1
    BCrypt anyone ? ;p
  • 1
    plain text solves all your problems