Menu
I am preparing an app version of one of my websites.
The app requires you to log in in order to access your user account. This login process is done over HTTP not HTTPS, but the password is stored using MD5 and a few other hashes on my server.
Does this count as "encryption" within the app, and therefore require me to submit one of those Export Compliance forms?
Thanks for your help.
617
asked Dec 13 '25 06:12
I'm assuming you're referring to the US Cryptography Export restrictions. Those practically don't exist anymore. Even if they would exist, MD5 is a hash function, and does not encrypt (otherwise, there'd be an un_md5 function).
Also, if the ban still existed and would be applicable, your scheme is needlessly weak, so it would probably still be allowed, just as easily crackable 40 bit symmetric encryption algorithms were.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
