SHA1 is too fast to be secure

[Plazmaz]

s5 should really only be using bcrypt. Even when salted, SHA1 is considered insecure by modern standards.

[tjhorner]

si

[tylermenezes]

Yeah I don't know why I made it use sha1.

[tjhorner]

Should we make the switch to bcrypt next season? (obviously not right now, that would be horrible and would probably break many things)

[Plazmaz]

@tjhorner you REALLY need to get a development server if this is the case. With proper testing, it shouldn't be an issue to do it whenever.

[tjhorner]

We have (had?) a staging server, I think.

[tjhorner]

Otherwise I could just test locally

[tylermenezes]

@Plazmaz testing or not, we don't make major changes to critical production systems this close to CodeDay because edge case-problems often crop up, and we may not have the time to fix them.

[Plazmaz]

ah ok.