diff -uNr -x .svn mantisbt-1.2.0a3/admin/schema.php mantisbt-lab/admin/schema.php
--- mantisbt-1.2.0a3/admin/schema.php	2009-01-15 17:04:51.000000000 +0100
+++ mantisbt-lab/admin/schema.php	2009-02-28 23:55:02.000000000 +0100
@@ -301,7 +301,7 @@
   username 		C(32) NOTNULL DEFAULT \" '' \",
   realname 		C(64) NOTNULL DEFAULT \" '' \",
   email 		C(64) NOTNULL DEFAULT \" '' \",
-  password 		C(32) NOTNULL DEFAULT \" '' \",
+  password 		C(128) NOTNULL DEFAULT \" '' \",
   date_created 		T NOTNULL DEFAULT '" . db_null_date() . "',
   last_visit 		T NOTNULL DEFAULT '" . db_null_date() . "',
   enabled		L NOTNULL DEFAULT \" '1' \",
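Review bot: Widening `password` to `C(128)` inside the existing table definition most likely only affects fresh installs; no separate upgrade step is visible in this diff, so databases created from the earlier schema would presumably keep a 32-character column. Together with the `PASSLEN` change from 32 to 128 in core/constant_inc.php, a 64-character SHA-256 hex digest would then be truncated or rejected on write, depending on the database, and the affected accounts could no longer authenticate. Consider leaving this definition as it was and appending a new schema step (for example an `AlterColumnSQL` entry with `password C(128) NOTNULL DEFAULT " '' "`), so that upgraded and new installs end up with the same width. The table definition starts and ends outside this hunk, so whether a later step already does this cannot be confirmed from here.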
diff -uNr -x .svn mantisbt-1.2.0a3/config_defaults_inc.php mantisbt-lab/config_defaults_inc.php
--- mantisbt-1.2.0a3/config_defaults_inc.php	2009-01-15 17:04:59.000000000 +0100
+++ mantisbt-lab/config_defaults_inc.php	2009-02-28 23:56:44.000000000 +0100
@@ -2149,13 +2149,21 @@
 
 	/**
 	 * login method
-	 * CRYPT or PLAIN or MD5 or LDAP or BASIC_AUTH
+	 * CRYPT or PLAIN or MD5 or LDAP or BASIC_AUTH or SHA256
 	 * You can simply change this at will. MantisBT will try to figure out how the passwords were encrypted.
 	 * @global int $g_login_method
 	 */	
 	$g_login_method				= MD5;
 
 	/**
+	* password salt
+ 	* Static salt for user passwords
+	* Make this as long and complicated as you can
+	* NEW PASSWORDS HAS TO BE GENERATED WHEN THIS IS MODIFIED
+ 	*/
+	$g_password_static_salt		= 'blowfish';
+
+	/**
 	 * limit reporters
 	 * Set to ON if you wish to limit reporters to only viewing bugs that they report.
 	 * @global int $g_limit_reporters
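Review bot: The shipped default `$g_password_static_salt = 'blowfish'` is public, so every installation that does not override it hashes with the same known value, and a single site-wide salt still gives two users with the same password the same stored hash. Prefer an empty default, `$g_password_static_salt = '';`, with the SHA256 method refusing to run until the administrator sets a site-specific value, or better a random per-user salt stored alongside the hash. The docblock should also carry `@global string $g_password_static_salt` like its neighbours, and state plainly that changing the value invalidates every existing SHA256 password hash, so all users must reset their passwords.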
diff -uNr -x .svn mantisbt-1.2.0a3/core/authentication_api.php mantisbt-lab/core/authentication_api.php
--- mantisbt-1.2.0a3/core/authentication_api.php	2009-01-15 17:04:59.000000000 +0100
+++ mantisbt-lab/core/authentication_api.php	2009-02-28 23:55:03.000000000 +0100
@@ -340,6 +340,7 @@
 	$t_password = user_get_field( $p_user_id, 'password' );
 	$t_login_methods = Array(
 		MD5,
+		SHA256,
 		CRYPT,
 		PLAIN,
 	);
@@ -399,6 +400,11 @@
 		case MD5:
 			$t_processed_password = md5( $p_password );
 			break;
+		case SHA256:
+			$p_salt = config_get( 'password_static_salt' );
+			$t_processed_password = sha256( $p_salt . $p_password );
+			break;
+
 		case BASIC_AUTH:
 		case PLAIN:
 		default:
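Review bot: `sha256()` is not a PHP built-in and nothing in this diff defines it, so unless it exists elsewhere in the tree the new `case SHA256:` branch ends in a fatal error on the first login or password change. Use the hash extension instead, `$t_processed_password = hash( 'sha256', $t_salt . $p_password );`, with the local renamed to `$t_salt` because the `$p_` prefix appears to be reserved for parameters in this file. A single round of SHA-256 over one shared salt is also cheap to brute-force offline if the user table leaks; a random per-user salt and an iterated, deliberately slow construction would resist that better. The enclosing function starts before this hunk.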
@@ -406,7 +412,7 @@
 			break;
 	}
 
-	# cut this off to PASSLEN cahracters which the largest possible string in the database
+	# cut this off to PASSLEN characters which the largest possible string in the database
 	return substr( $t_processed_password, 0, PASSLEN );
 }
 
diff -uNr -x .svn mantisbt-1.2.0a3/core/constant_inc.php mantisbt-lab/core/constant_inc.php
--- mantisbt-1.2.0a3/core/constant_inc.php	2009-01-15 17:53:27.000000000 +0100
+++ mantisbt-lab/core/constant_inc.php	2009-02-28 23:55:03.000000000 +0100
@@ -115,6 +115,7 @@
 define( 'LDAP', 4 );
 define( 'BASIC_AUTH', 5 );
 define( 'HTTP_AUTH', 6 );
+define( 'SHA256', 7 );
 
 # file upload methods
 define( 'DISK', 1 );
@@ -476,4 +477,4 @@
 # Lengths - NOTE: these may represent hard-coded values in db schema and should not be changed.
 define( 'USERLEN', 32);
 define( 'REALLEN', 64);
-define( 'PASSLEN', 32);
+define( 'PASSLEN', 128);
diff -uNr -x .svn mantisbt-1.2.0a3/core/custom_function_api.php mantisbt-lab/core/custom_function_api.php
--- mantisbt-1.2.0a3/core/custom_function_api.php	2009-01-15 17:04:52.000000000 +0100
+++ mantisbt-lab/core/custom_function_api.php	2009-02-28 23:55:03.000000000 +0100
@@ -196,6 +196,7 @@
 		CRYPT,
 		CRYPT_FULL_SALT,
 		MD5,
+		SHA256,
 	);
 	if( in_array( config_get( 'login_method' ), $t_can_change ) ) {
 		return true;
