[Proposal] Password customers. MD5 vs SHA1
Hello to everybody!
One of the things I consider less secure in PrestaShop is that it sends the password to the customer via email. I think this should change.
Moreover, MD5 encryption is less secure than SHA1, so why not change it?
I think security must be one of the maximum priorities for the project. Currently, there is a paid module that offers this functionality: https://addons.prestashop.com/en/website-security-access/11169-password-recovery-high-security-password-storage.html
What do you think?
Terrible! There is a reason why we have dropped support for anything lower than PHP 5.5. thirty bees uses PHP’s native password_hash right from the start and rehashes md5 passwords at login.
You should also use the Php Encryption library for cookie encryption if possible (BO Page: Advanced Parameters > Performance) for some improved security.
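The rehash-at-login approach mentioned in the reply above, as an added sketch that is not thirty bees or PrestaShop code. The function names, the salt constant and the legacy format (md5 of a site salt plus the password, stored as 32 hex characters) are assumptions for illustration, and the type declarations assume PHP 7.1 or later.

```php
<?php
// Added example with hypothetical names; not code from thirty bees or PrestaShop.
// Assumption: legacy hashes are md5(LEGACY_SALT . $password), stored as 32 hex chars.
const LEGACY_SALT = 'constructed-site-salt'; // constructed sample value

function isLegacyMd5(string $hash): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $hash) === 1;
}

/**
 * Verify a login attempt and upgrade the stored hash where needed.
 * $store receives the new hash whenever the customer record must be rewritten.
 */
function verifyAndUpgrade(string $password, string $stored, callable $store): bool
{
    if (isLegacyMd5($stored)) {
        // Constant-time comparison of the legacy digest.
        $candidate = md5(LEGACY_SALT . $password);
        if (!hash_equals(strtolower($stored), $candidate)) {
            return false;
        }
        // The plaintext is only available during login, so this is the
        // one moment the md5 record can be replaced with a modern hash.
        $store(password_hash($password, PASSWORD_DEFAULT));
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Also upgrade when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $store(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed demo: one in-memory "customer row" that starts with a legacy hash.
$row  = ['passwd' => md5(LEGACY_SALT . 'correct horse')];
$save = function (string $hash) use (&$row): void { $row['passwd'] = $hash; };

var_dump(verifyAndUpgrade('wrong guess', $row['passwd'], $save));   // wrong password, legacy path
var_dump(verifyAndUpgrade('correct horse', $row['passwd'], $save)); // right password, legacy path
var_dump(isLegacyMd5($row['passwd']));                              // format of the stored value now
var_dump(verifyAndUpgrade('correct horse', $row['passwd'], $save)); // right password, password_verify path
```

Accounts that never log in again keep their md5 hash under this scheme, so a migration plan still needs a policy for dormant records, such as forcing a password reset.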