Argument Against MD5 Authentication
by David Norman
For most software, exploits and intrusions are not a matter of if, but when. The average LAMP installation of a CMS stores hashes of passwords in MD5 format. When the software is exploited to expose the user password hashes, accepting hashed passwords for login then is the password, without a MITM attack.