moondream wrote: The current hashing scheme could be considered as an aid for the administrator not to read the passwords by accident when he browses through the db. Plain md5 is no longer secure against collision and wordlist attacks.
MD5 has never been secure against wordlist attacks if the wordlist encompasses the password. Passwords which are long enough are computationally infeasible to break with simple brute-force attacks. The collision issue is still mitigated for now in that the end-product is a 1024-bit (128-byte) result that is not applicable to phpBB, since it limits the password length to less than that (32 characters, IIRC). Whether this remains the case is yet to be seen, but given how quickly it crumbled, I don't like the idea of 'wait and see.'
SHA1 looks to be headed down a related path, too, but adding in other options starts to get more complex since other major algorithms only started appearing with the hash() function around 5.1.2.
(NOTE: even phpBB2 is not completely compatible with the Olympus MD5 hash)
What changed in how the hash is handled between v2 and v3? The MD5 hash algorithm is well-defined, and both use, IIRC, the PHP implementation to handle it.