Re: You brought up an interesting point
While base64 is an encoding and not crypto, I get your point. The rule of thumb I was taught is to stop when the cost of developing the crypto exceeds the value of the data. So as they were fined €20k, that would give them 2-4 developer months of time (less if they were HPCs). If it takes someone that long to type h=crypto.md5(password) then they are a VHPC.