Kissaki / MumPI

A Webinterface for Mumble Server. Written in PHP, using Ice middleware.
http://kissaki.github.io/MumPI/

Stronger password hashes #46

Open Lartza opened 9 years ago

Lartza commented 9 years ago

When trying to find a way to add admins by letting them set their password I rummaged around the code and data a bit, and currently the admin passwords are non-salted SHA-1 hashes...

Maybe a more secure way should be implemented?

Duckle29 commented 9 years ago

definitely need a more secure one. I'd recommend something like a salted sha512 or whirlpool. I might try and make a pull request.

Duckle29 commented 9 years ago

At the current time, I'm not good enough with PHP to work that into mumpi, in a backwards or upgradeable fashion. Instead I'll leave a piece here:

function randString($strLen = 64, $seed = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()')
{
    $randString = ''; // initialise the result, otherwise PHP warns about an undefined variable on the first .=
    $seed = str_split($seed); // turn the seed into an array
    shuffle($seed); // shuffle it (probably redundant)
    // array_rand() returns $strLen distinct random keys, so $strLen must not exceed strlen($seed)
    foreach (array_rand($seed, $strLen) as $key) // return $strLen amount of random indexes in the array seed, and pass them as keys into the foreach
    {
        $randString .= $seed[$key]; // append the random character to the string
    }
    return $randString;
}

That's the function I would use to generate a salt

Kissaki commented 9 years ago

Yeah, I agree. There is no reason not to use a more secure hashing algorithm.

Kissaki commented 8 years ago

PR #59 implements a stronger PW mechanism with PHP 5.5's native methods.
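The thread asks for two things: stronger hashing via PHP 5.5's native `password_hash()` / `password_verify()`, and a way to do it "in a backwards or upgradeable fashion" given the existing unsalted SHA-1 admin hashes. The following is an added example written for this page, not MumPI's code and not the contents of PR #59. It assumes a hypothetical user store keyed by username with a `hash` and a `scheme` field; the function names `verify_and_upgrade` and `set_password` and the constant `HASH_COST` are made up for the illustration. It requires PHP 5.6 or later for `hash_equals()`.

```php
<?php
// Added example (not MumPI's code): verify an admin password and migrate
// legacy unsalted SHA-1 hashes to password_hash() on the user's next login.
// $userStore, verify_and_upgrade, set_password and HASH_COST are hypothetical.

define('HASH_COST', 12); // bcrypt work factor; raise it as hardware gets faster

// Hypothetical in-memory store with one legacy record (sha1 of a constructed password).
// A real deployment reads and writes this from the database instead.
$userStore = array(
    'admin' => array('hash' => sha1('correct horse'), 'scheme' => 'sha1'),
);

/**
 * Store a freshly chosen password. Never stores SHA-1; always bcrypt via
 * password_hash(), which generates and embeds its own random salt.
 */
function set_password($username, $password, array &$store)
{
    $store[$username] = array(
        'hash'   => password_hash($password, PASSWORD_DEFAULT, array('cost' => HASH_COST)),
        'scheme' => 'password_hash',
    );
}

/**
 * Verify $password for $username. Returns true on success. On success a
 * legacy SHA-1 record is replaced with a password_hash() record, and an
 * existing bcrypt record is re-hashed if its cost or algorithm is out of date,
 * so the store converges on the strong scheme without a big-bang migration.
 */
function verify_and_upgrade($username, $password, array &$store)
{
    if (!isset($store[$username])) {
        // Burn roughly the same time as a real verification so an unknown
        // username is not distinguishable from a wrong password by timing.
        static $dummy = null;
        if ($dummy === null) {
            $dummy = password_hash('dummy', PASSWORD_DEFAULT, array('cost' => HASH_COST));
        }
        password_verify($password, $dummy);
        return false;
    }

    $record = $store[$username];

    if ($record['scheme'] === 'sha1') {
        // Legacy unsalted SHA-1 as described in the issue. Compare in constant
        // time, then immediately upgrade the record while the plaintext is in hand.
        if (!hash_equals($record['hash'], sha1($password))) {
            return false;
        }
        set_password($username, $password, $store);
        return true;
    }

    if (!password_verify($password, $record['hash'])) {
        return false;
    }
    // Already bcrypt: re-hash only if the parameters have changed since it was stored.
    if (password_needs_rehash($record['hash'], PASSWORD_DEFAULT, array('cost' => HASH_COST))) {
        set_password($username, $password, $store);
    }
    return true;
}

// Usage: first successful login migrates the record, later logins use password_verify().
var_dump(verify_and_upgrade('admin', 'wrong password', $userStore));
var_dump(verify_and_upgrade('admin', 'correct horse', $userStore));
var_dump($userStore['admin']['scheme']);
var_dump(verify_and_upgrade('admin', 'correct horse', $userStore));
var_dump(verify_and_upgrade('nobody', 'correct horse', $userStore));
```

One caveat with lazy migration: an account that never logs in again keeps its SHA-1 hash indefinitely. If that is unacceptable, a one-off script can wrap each stored SHA-1 hex digest with `password_hash()` and mark the scheme accordingly, so the database never holds a bare SHA-1 again; verification for those records then computes `sha1($password)` and feeds that to `password_verify()` before upgrading to a plain bcrypt record on the next login.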