When browsing MySQL forums, I came across posts that mention that md5 is considered broken as it has been cracked and sha1 should be used for password encryption. I believe MiniBB uses MD5. Can anyone tell me whether MD5 is less secure than Sha1? Will MiniBB change to sha1 in future versions?

I suppose you could modify bb_cookie.php file (function writeUserPwd() ) so it encodes using sha1 not md5... the length of user_password field in database should be made bigger to 40 symbols too.

But in general, all myths about md5 cracked IMHO could exist only in theory. Yes, if you're using simple passwords which consist of 2-4 letters they could be easily decoded even with brute force attack. However if your password contains more than 10 symbols, digits and some special sign, you could spend years of life decoding it.

So we have no plans changing this algorithm since forums are not the credit card system and everything you need to specify setting your password is a difficult phrase, that's all... like for any other regular system.

Paul, what you say makes sense and I agree to it. Thanks.