Comment 5 for bug 316438

OK - partly my fault.

My security conscious "Security Now!" listening side is actually sending you "password" as "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8" which is an SHA1 hash, as MD5 has been proven to be weak over the last few months.

Since the server doesn't really care what the hash is, I'd like to keep it as SHA1 in the interests of not engineering something that is questionable at design time!