Replace MD5 with SHA512 and BCrypt

[RoiEXLab]

I noticed, that TripleA is still using MD5 checksums. According to this Stackoverflow question it shouldn't be too diffifcult to use SHA256 instead... The difficulty would be to change the servers passwords of course... But for new Users? Thoughts?

[RoiEXLab]

EDIT: #828 implements a unused SHA512 class...

[DanVanAtta]

A possibility for migration:

• update DB to have a SHA512 column
• update the login to first send a SHA512
• if no login, then we send a MD5 + SHA512
• if the login is successful:
  • add the SHA512, delete the MD5

Then eventually we should stop seeing MD5s in the system.

[RoiEXLab]

The question is, should we use Salt or double hashing for the passwords? Or Both?

[RoiEXLab]

Or as mentioned in #828 we could use some hashing Algorithms especially made for passwords like bcrypt for a bonus security - would require a new library though

[DanVanAtta]

sha512 is an upgrade as is, bcrypt seems like gravy. Go for it if you want.

But, we need to be sure we can integrate this well. For example, the tripleawarclub DB might potentially be shared with the one used by lobby. Perhaps not, but IIRC there is some sharing there.

[RoiEXLab]

AFAIK the MD5 class is not only used for Passwords... My suggestion would be to replace the password hashing with bcrypt and all the other "no-need-for-absolute-secureness" stuff with SHA512 since it's faster than MD5 (especcially when users want to join the lobby with MAC adresses and stuff) Therefore added a dependecy to #828 and set the MD5Crypt class as Deprecated

When tripleA will be using the bcrypt preffered to MD5, I will probably remove the @Deprecated annontation or add a @SuppressWarnings("deprecation") for the fallback code...

[DanVanAtta]

See https://github.com/triplea-game/triplea/issues/1041 for further follow-up.