Passwords are saved with MD5+Salt. That's... meh... ok.
But there are more robust solutions like bcrypt or argon2.
Consider adding a new encryption strategy for passwords.
Stages:
Add a new key "encryption" on credentials model that tells which encryption algorithm to use
Based on the encryption key decide which strategy to use when enc/dec passwords
Must study and validate new alternatives of enc/dec
You probably already know this (based on the fact you're using md5+salt), but I got the chills when I read the "/dec passwords" part 😂: you shouldn't be able to decrypt user passwords.
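The staged migration discussed above, sketched as an added example (not code from this issue or from the project): a per-record algorithm key selects a one-way hashing strategy, and a successful login on a legacy record rehashes it with the stronger algorithm. The record layout, the salt-then-password ordering of the legacy hash, and the use of Python's standard-library scrypt as a stand-in for bcrypt/argon2 are assumptions.

```python
import hashlib
import hmac
import os

CURRENT = "scrypt"  # stdlib stand-in for bcrypt/argon2, which need third-party packages


def _md5_salt(password: bytes, salt: bytes) -> bytes:
    # Legacy scheme; salt-then-password ordering is an assumption.
    return hashlib.md5(salt + password).digest()


def _scrypt(password: bytes, salt: bytes) -> bytes:
    # Memory-hard KDF; n/r/p are illustrative cost parameters (about 16 MiB).
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


# One-way strategies only: each entry hashes, none can decrypt.
STRATEGIES = {"md5-salt": _md5_salt, "scrypt": _scrypt}


def hash_password(password: str, algo: str = CURRENT) -> dict:
    """Build a credentials record; "encryption" is the key the issue proposes."""
    salt = os.urandom(16)
    digest = STRATEGIES[algo](password.encode(), salt)
    return {"encryption": algo, "salt": salt.hex(), "hash": digest.hex()}


def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record). A correct login on a legacy record is rehashed."""
    # Records written before the key existed are treated as md5-salt.
    strategy = STRATEGIES.get(record.get("encryption", "md5-salt"))
    if strategy is None:
        return False, record  # unknown algorithm: fail closed
    candidate = strategy(password.encode(), bytes.fromhex(record["salt"]))
    if not hmac.compare_digest(candidate, bytes.fromhex(record["hash"])):
        return False, record
    if record.get("encryption") != CURRENT:
        record = hash_password(password)  # only moment the plaintext is available
    return True, record


if __name__ == "__main__":
    legacy = hash_password("correct horse", algo="md5-salt")  # constructed sample
    del legacy["encryption"]  # simulate a row stored before the new key
    print(verify_and_upgrade(legacy, "wrong"))
    print(verify_and_upgrade(legacy, "correct horse"))
```

The caller persists the returned record whenever it differs from the stored one; accounts that never log in again keep their legacy hash until a forced reset.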