From a3feba7c73956f6a2fab07d1c8d934aa82de38c4 Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Wed, 2 May 2018 22:18:24 +0200
Subject: [PATCH] change default for php_crypt to SHA512

(+ a few whitespace changes)
---
 functions.inc.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/functions.inc.php b/functions.inc.php
index 63403e38..7197e56f 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1060,7 +1060,7 @@ function _pacrypt_php_crypt($pw, $pw_db) {
         // existing pw provided. send entire password hash as salt for crypt() to figure out
         $salt = $pw_db;
     } else {
-        $salt_method = 'MD5'; // default.
+        $salt_method = 'SHA512'; // default.
         // no pw provided. create new password hash
         if (strpos($CONF['encrypt'], ':') !== false) {
             // use specified hash method
@@ -1076,7 +1076,7 @@ function _pacrypt_php_crypt($pw, $pw_db) {
 }
 
 // used for php_crypt method
-function _php_crypt_generate_crypt_salt($hash_type='MD5') {
+function _php_crypt_generate_crypt_salt($hash_type='SHA512') {
     // generate a salt (with magic matching chosen hash algorithm) for the PHP crypt() function
 
     // most commonly used alphabet
@@ -1105,19 +1105,19 @@ function _php_crypt_generate_crypt_salt($hash_type='MD5') {
         }
         $salt = _php_crypt_random_string($alphabet, $length);
         return sprintf('$%s$%02d$%s', $algorithm, $cost, $salt);
-        
+
     case 'SHA256':
         $length = 16;
         $algorithm = '5';
         $salt = _php_crypt_random_string($alphabet, $length);
         return sprintf('$%s$%s', $algorithm, $salt);
-        
+
     case 'SHA512':
         $length = 16;
         $algorithm = '6';
         $salt = _php_crypt_random_string($alphabet, $length);
         return sprintf('$%s$%s', $algorithm, $salt);
-        
+
     default:
         die("unknown hash type: '$hash_type'");
     }