I think we should do something about the bait-y titles on HN in general. Titles should be descriptive and succinct.
Maybe a better title here would have been "bcrypt's use of MD5 makes it insecure compared to scrypt". (I don't know how to best word the title; I would have not submitted the article, since I'm not an expert on security.)
Sometimes the same story is posted multiple times. One post will have a bait-y title and the other will have a boringly accurate and truthful title. Of those two, one of them always disappears with 3 or 4 votes and the other climbs the front page charts. Exhibit A:
A Comparison of Approaches to Large-Scale Data Analysis: MapReduce vs. DBMS
vs.
Parallel DBMSs faster than MapReduce
Then there are the science articles with accurate titles and hypetastic titles. Exhibit B:
Long-Distance Teleportation Between Two Atoms Achieved
vs.
Scientist Teleport Matter More Than Three Feet
So, it's not like the descriptive titles aren't already there waiting to be promoted, it's just that hyperbole always wins in the marketplace of up-arrow clicks.
In case Colin's response wasn't clear enough: bcrypt doesn't use MD5 at all. It's a hack that uses Blowfish (an algorithm that is notoriously slow to "start up") where old Unix used DES, and tweaks the algorithm's startup to make it tuneably slower.
It's a hash function with a crypto-strong drag factor. A massive improvement in MD5's speed would be a win for MD5. bcrypt (and scrypt) are designed to stay on the opposite side of that tradeoff.