I suppose you could modify the bb_cookie.php file (function writeUserPwd()) so it encodes using sha1, not md5... the length of the user_password field in the database should be made bigger too, to 40 symbols.
But in general, all the myths about md5 being cracked could, IMHO, exist only in theory. Yes, if you're using simple passwords which consist of 2-4 letters, they could be easily decoded even with a brute-force attack. However, if your password contains more than 10 symbols, digits and some special sign, you could spend years of life decoding it.
So we have no plans to change this algorithm, since forums are not a credit card system, and all you need to specify when setting your password is a difficult phrase, that's all... like for any other regular system.
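The change described in the post above leaves existing rows holding md5 digests, so logins must accept both formats during the switch. The following is an added example, not miniBB code and not from the post's author: the function names are hypothetical, and it assumes the stored value is the plain hex digest of the password and that the database is MySQL.

```php
<?php
// Added example; not miniBB code. Function names are hypothetical.
// Column change the post describes (MySQL syntax assumed, table name is a placeholder):
//   ALTER TABLE <users_table> MODIFY user_password VARCHAR(40);

const LEGACY_LEN = 32; // hex length of an md5 digest
const TARGET_LEN = 40; // hex length of a sha1 digest

/** Hash a new or changed password with the target algorithm. */
function hashPasswordForStorage(string $password): string
{
    return sha1($password);
}

/**
 * Check a login attempt against the stored digest.
 * Returns [bool $ok, ?string $upgradedHash]; $upgradedHash is non-null
 * when the row still holds an md5 digest and should be rewritten.
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    $stored = strtolower(trim($stored));
    switch (strlen($stored)) {
        case LEGACY_LEN:
            $candidate = md5($password);
            break;
        case TARGET_LEN:
            $candidate = sha1($password);
            break;
        default:
            return [false, null]; // truncated or unknown format
    }
    // hash_equals() compares in constant time.
    if (!hash_equals($stored, $candidate)) {
        return [false, null];
    }
    $upgrade = strlen($stored) === LEGACY_LEN ? hashPasswordForStorage($password) : null;
    return [true, $upgrade];
}

// Constructed sample rows: one legacy md5 row, one already-migrated row.
$rows = ['alice' => md5('correct horse 42!'), 'bob' => sha1('correct horse 42!')];
foreach ($rows as $user => $stored) {
    [$ok, $new] = verifyAndUpgrade('correct horse 42!', $stored);
    printf("%s ok=%s upgrade=%s\n", $user, $ok ? 'yes' : 'no', $new ?? '-');
}
```

The column has to be widened before any sha1 digest is written: a 40-character digest cut to 32 characters is indistinguishable by length from an md5 row and will never verify.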