0021859: Passwords using MD5

ID	Project	Category	View Status	Date Submitted	Last Update
0021859	mantisbt	authentication	public	2016-11-04 13:32	2016-11-15 02:31

Reporter	IanM	Assigned To	atrol
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	duplicate
Product Version	2.0.0-rc.1

Summary	0021859: Passwords using MD5
Description	Why are passwords using MD5? Even by default they should (in my opinion) be hashed with a salt. In config_inc I have added $g_login_method = 'CRYPT'; And now they are storing passwords in plain text
Steps To Reproduce	Install rc.1.
Additional Information	http://i.imgur.com/AMw5yzf.png http://i.imgur.com/PrGsUZB.png
Tags	No tags attached.

IanM 2016-11-04 13:44 reporter ~0054415	It seems that it should be a constant rather than a string (duh). But even so, is there any reasoning behind using MD5 by default as it's not secure at all.