MD5 password support dropped

Starting in release 2.21, we have completely dropped support for MD5-hashed passwords in DHIS2. This means that any user who has not logged in on a 2.17 or later instance will have to reset their password (or have the administrator deal with it).

For anyone doing maintenance of DHIS2: we now store passwords as a bcrypt hash with embedded salt, using the $2a$ profile of bcrypt with a default round count of 10. If you for some reason need to generate passwords externally (I know this has been done using the dhispassword tool that Bob wrote), there are implementations for pretty much any scripting environment. Python example:

import bcrypt

# bcrypt works on bytes; gensalt() takes the prefix without "$" (b"2a" yields $2a$)
hashed = bcrypt.hashpw(b"thepassword", bcrypt.gensalt(rounds=10, prefix=b"2a"))
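To check stored values before or after the upgrade, the following added example (not DHIS2 code) classifies password column values as conforming bcrypt ($2a$, cost 10 or higher), non-conforming bcrypt, or legacy MD5. It assumes legacy MD5 values are stored as 32 hex characters; the function names and sample rows are constructed for illustration.

```python
import re

# Modular-crypt layout of a bcrypt hash:
#   $<variant>$<2-digit cost>$<22-char salt><31-char digest>   (60 chars total)
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)
# Assumption: legacy MD5 passwords are stored as a 32-character hex digest.
MD5_HEX_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def classify(stored, want_variant="2a", min_cost=10):
    """Return (kind, detail) for one stored password value."""
    m = BCRYPT_RE.match(stored)
    if m:
        variant, cost = m.group(1), int(m.group(2))
        if not 4 <= cost <= 31:  # bcrypt only defines costs 4..31
            return ("invalid", "cost out of bcrypt range 4..31")
        if variant != want_variant:
            return ("bcrypt-other", f"variant ${variant}$, expected ${want_variant}$")
        if cost < min_cost:
            return ("bcrypt-weak", f"cost {cost} below {min_cost}")
        return ("bcrypt-ok", f"${variant}$ cost {cost}")
    if MD5_HEX_RE.match(stored):
        return ("md5-legacy", "user must reset password")
    return ("unknown", "unrecognised format")


def audit(rows):
    """Map each username to the kind of hash stored for it."""
    return {user: classify(value)[0] for user, value in rows}


# Constructed sample rows: format-valid placeholders, not hashes of real passwords.
FILLER = "A" * 22 + "B" * 31
SAMPLE_ROWS = [
    ("alice", "$2a$10$" + FILLER),
    ("bob", "$2a$04$" + FILLER),
    ("carol", "$2b$10$" + FILLER),
    ("dave", "0123456789abcdef0123456789abcdef"),
    ("erin", ""),
]

if __name__ == "__main__":
    for user, value in SAMPLE_ROWS:
        print(user, *classify(value))
```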