}
\item
+ \fail{}
Verify that cryptographic algorithms used by the application have been
validated against FIPS 140{-}2 or an equivalent standard.
\begin{result}
- The application uses MD5 for password hashing, which should be insecure by
- now.
+ The application uses MD5 for password hashing, which is insecure by current
+ standards
\end{result}
\notapplicable{