Why Cursor Keeps Generating MD5 Password Hashes in 2026

TL;DR AI editors surface MD5 hashing from training data dominated by 2008-2014 tutorials MD5 hashes crack in milliseconds on modern GPUs -- any breach becomes full password exposure Fix: one import swap to bcrypt (Python) or argon2id (Node) -- no architecture changes needed I was reviewing a side project a friend built with Cursor. Flask backend, JWT auth, clean structure. It looked solid. Then I got to the password module. hashlib