Hi there,
while using the API, I figured out that passwords for internal users are stored as md4-hashes.
According to Wikipedia: "As of 2007, an attack can generate collisions in less than 2 MD4 hash operations" [1]. That was 10 years ago...
Is there any possibility to change the hash algorithm to something useful / secure?
I know that I can use alternative authentication backends, but that's explicitly not what I want.
Thanks in advance.
Best,
Alk
This thread was automatically locked due to age.
