Forget about my old version.... I have read more articles, and I was doing it wrong. The salt should be random on every user, so no fixed salts !
This new code uses SHA256 encryption and a 64 character salt... this is super safe.
I have made the salting autoupdate... so no difficult migrations, if they login, the new, improved, password is generated.
I also made the minimum password length to 6 (was 4).
LINK to code: security 0623 v3
Again, this is AS IS... And I donate it to the Cotonti community (BEWARE THIS IS FOR GENOA: 0.6.23).
Please test all stuff first... I might have made mistakes ! (logging in and logging out is tested)
Run the SQL file to update the database first
Let me know your test results !
If all goes well this should really be in 0.6.24 !!! only a md5 is just NOT safe anymore !