Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.
Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing.
[1]
This patch provides bcrypt functionality for storing passwords and also makes it possible to transparently update the stored md5 hash with the new hash.
Thank you very mutch for this helpfull pull request.
I just want to review the changes you have made and test it in my installations,
so please be patient
Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to "brute force" the output of these algorithms, in order to determine the original input.
Because of how quickly a modern computer can "reverse" these hashing algorithms, many security professionals strongly suggest against their use for password hashing. [1]
This patch provides bcrypt functionality for storing passwords and also makes it possible to transparently update the stored md5 hash with the new hash.