Forum OpenACS Development: Re: How to securely store your passwords

Posted by Gustaf Neumann on
Hi Neophytos,

Not sure how openacs stores passwords these days

OpenACS currently supports the following methods:
* scram-sha-256
* scrypt-16384-8-1
* salted-sha1

Upgrading can be performed via changing the kernel parameter. The method scram-sha-256 is defined in RFC 7677 and is e.g. the recommended password hash function for newer versions of PostgreSQL.

scrypt is newer than bcrypt and supports parameterization to further harden against attacks.

When NaviServer is compiled with OpenSSL 3.2 or newer [2], Argon2 is supported as well. Argon2 is a key derivation function that was selected as the winner of the 2015 Password Hashing Competition, defined by RFC 9106 (2021) - and also mentioned as the first choice of the (somewhat outdated) Dropbox article.

-gn

[1] https://stackoverflow.com/questions/1226513/whats-the-advantage-of-scrypt-over-bcrypt
[2] https://bitbucket.org/naviserver/naviserver/commits/4d634d54b77d1ce6b61f07944871f3dcf1a330a5
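As an added illustration of the two methods named above (not code from OpenACS or from the poster), the following Python sketch derives an scrypt-16384-8-1 hash and an RFC 7677 SCRAM-SHA-256 verifier, stores the method name with the record, and verifies a password against either; the 32-byte output length, 16-byte salt, 4096 iterations and the "$"-separated storage layout are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

# Work factors from the thread: scrypt-16384-8-1 means N=16384, r=8, p=1.
# Output length, salt length, iteration count and record layout are assumed here,
# they are not OpenACS's own storage format.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 16384, 8, 1
SCRAM_ITERATIONS = 4096  # assumed; PostgreSQL's default for SCRAM-SHA-256


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


def scrypt_hash(password: str, salt: bytes = None) -> str:
    """Memory-hard hash; N/r/p travel with the record so they can be raised later."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                        p=SCRYPT_P, dklen=32)
    return "scrypt-%d-%d-%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, b64(salt), b64(dk))


def scram_sha256_verifier(password: str, salt: bytes = None,
                          iterations: int = SCRAM_ITERATIONS) -> str:
    """RFC 7677 verifier: the server keeps StoredKey and ServerKey, never the password."""
    salt = salt or os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", "sha256").digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", "sha256").digest()
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (iterations, b64(salt), b64(stored_key), b64(server_key))


def verify(password: str, stored: str) -> bool:
    """Dispatch on the method prefix; this is what lets a site migrate between hashes."""
    method, params, keys = stored.split("$")
    if method.startswith("scrypt-"):
        n, r, p = (int(x) for x in method[len("scrypt-"):].split("-"))
        dk = hashlib.scrypt(password.encode(), salt=base64.b64decode(params),
                            n=n, r=r, p=p, dklen=32)
        return hmac.compare_digest(dk, base64.b64decode(keys))
    if method == "SCRAM-SHA-256":
        iterations, salt_b64 = params.split(":")
        stored_key_b64, _server_key_b64 = keys.split(":")
        salted = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     base64.b64decode(salt_b64), int(iterations))
        client_key = hmac.new(salted, b"Client Key", "sha256").digest()
        return hmac.compare_digest(hashlib.sha256(client_key).digest(),
                                   base64.b64decode(stored_key_b64))
    raise ValueError("unsupported method: " + method)
```

Both records are salted, compared in constant time and carry their own parameters, so an operator can re-hash at login when a stronger method (such as Argon2) becomes available.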