My security conscious "Security Now!" listening side is actually sending you "password" as "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8" which is an SHA1 hash, as MD5 has been proven to be weak over the last few months.
Since the server doesn't really care what the hash is, I'd like to keep it as SHA1 in the interests of not engineering something that is questionable at design time!
OK - partly my fault.
My security conscious "Security Now!" listening side is actually sending you "password" as "5baa61e4c9b93f 3f0682250b6cf83 31b7ee68fd8" which is an SHA1 hash, as MD5 has been proven to be weak over the last few months.
Since the server doesn't really care what the hash is, I'd like to keep it as SHA1 in the interests of not engineering something that is questionable at design time!