this post was submitted on 28 Aug 2023
12 points (92.9% liked)
Sim Racing
904 readers
4 users here now
Discussing all things Sim Racing
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
fucking md5. which one of the devs thought this would be a good idea?
Seriously. MD5 is in no way secure. At the very minimum it should have been encrypted with an algo that isn't already broken. Pretty disappointed in the TP devs TBH. That's not an oversight, that's a complete and utter disregard for the safety of their users information
What's crazy is that I think this service was developed after md5 was shown to be widely compromised (2011-2012). Not 100% sure though, I wasn't able to find an exact release date.
Even so, after it was cracked that should have been the #1 priority to fix. There’s absolutely no way it’s acceptable that they haven’t fixed it 10 years down the line.
Unfortunutly there is no other service like it so they can afford to be lax cause you know. Who else is going to do it? Be interesting if someone does get compromised and given the clear lack of effort in properly securing the personal data if they attempt to seek damages against TP
@BURN they should at least use bcrypt
That’s my go-to for any password encoding
Hopefully this gets iRacing to open up their oAuth portal to external apps and someone can develop something more secure.
It really shouldn’t be that hard. It’s an account management and CDN software, it honestly can’t be that hard to build a properly hardened version
@BURN yeah. MD5 for as long as I can remember is compromised.