Inertia. The fact that it works and has been tested extensively in production means more to many managers than security does.
(pause for collective gasp from the nerds)
Until it becomes a crime of some sort to use these simple, well-tested hashes to store passwords and the world police begin locking-up CIOs because of it, then don't expect anything to change.
You're responding to an argument I never made. I'm not surprised MD5 is used in the wild, nor confused about the reasons why. And hell, it's a step up from plain text, which is probably even more common.
I'm just surprised to read about its deficiencies on Hacker News as if it were news.
(pause for collective gasp from the nerds)
Until it becomes a crime of some sort to use these simple, well-tested hashes to store passwords and the world police begin locking-up CIOs because of it, then don't expect anything to change.