Password hash is very weak #386
The hash function used for passwords is very weak: it ignores casing for passwords, and uses MD5, which by now is very outdated. This puts users (as in admins, analysts and so on) at a privacy risk if the database is leaked.
The current state of the art is bcrypt with a reasonable cost factor.
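
The weakness reported above next to a hardened replacement, as an added example that is not the project's code or part of the original issue. It assumes the legacy scheme is unsalted MD5 over the lowercased password, and it uses the standard library's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt (which needs a third-party package); the function names, record format and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

PREFIX = "pbkdf2_sha256$"
ITERATIONS = 600_000  # cost factor (assumed value); raise it as hardware gets faster


def legacy_hash(password: str) -> str:
    """The weak scheme the issue describes: case-folded, unsalted MD5."""
    return hashlib.md5(password.lower().encode()).hexdigest()


def strong_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, deliberately slow, case-preserving hash in a self-describing record."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    if stored.startswith(PREFIX):
        _, iters, salt, dk = stored.split("$")
        cand = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt), int(iters)
        )
        return hmac.compare_digest(cand, bytes.fromhex(dk))
    return hmac.compare_digest(legacy_hash(password).encode(), stored.encode())


def login(password: str, stored: str) -> tuple[bool, str]:
    """Verify, and upgrade a legacy record on the first successful login."""
    if not verify(password, stored):
        return False, stored
    if not stored.startswith(PREFIX):
        # The plaintext is only available at login, so migration happens here.
        stored = strong_hash(password)
    return True, stored
```

Because the legacy scheme discarded case, an upgraded record locks in whatever casing the user typed at that login, so a migration should tell users their password is now case-sensitive.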