is there a free php forum with pluggable encryption, or something better than just an md5 hash?

it seems like phpbb, mybb, and vbulletin and others i come across all use md5. i'd like to d开发者_如何学Co integration with my main site's authentication with something more secure (sha or just the builtin crypt('password', "$salt")), but don't want to hack up a dependency to pieces so it becomes difficult to upgrade. Any ideas?

What's wrong with MD5? This is what's wrong: MD5 + one salt + another salt applied to a six-character password is breakable these days, with current PC hardware, in seconds, just by brute force alone.

Have a look at this SO discussion and also at this one here.

Then google bcrypt and glance at some of the references.

MD5 just does not do it.