CodyReichert/awesome-cl

hunchentoot-auth is insecure, and should be removed

Closed this issue · 1 comment

The library hunchentoot-auth is insecure. Per its documentation:

Note that the password is not directly stored in the
persistent storage, but rather the password is appended to a random
(per-user) salt (which is stored in the persistent database) and this
salted user name is then hashed using the MD5 hashing algorithm.

I've raised an issue on hunchentoot-auth, but in the meantime it should be removed from this collection.

from the tweet linked on the issue:

This is what MD5 hashes look like in hashcat calculating billions of possibilities per second: […]

and confirmation on "billions per second".

Thanks.