Use bcrypt for storing passwords instead of MD5
Reported by: Nicklas Nordborg
Owned by: Nicklas Nordborg
Description
This ticket replaces #1640. See http://codahale.com/how-to-safely-store-a-password/ for some background information.
We'll need to remove the 'Encrypt password' feature of the web client. We recommend that HTTPS is used if protection is needed.
To be able to upgrade an existing server we should store bcrypt(MD5(password)). Since we already have the MD5(password) stored, the upgrade is simple.