MD5 is an algorithm, which is too fast for secure password hashing. An attacker could brutforce it very quickly compared to other algorithms.
An hashing algorithm with higher CPU-consumption would be more secure.
Good idea ... webmin does support this for /etc/passwd, but not for it's own passwords in /etc/webmin/miniserv.users .
What hashing scheme would you consider more secure?
I would consider e.g. PBKDF2 with SHA-512:
http://search.cpan.org/~dagolden/PBKDF2-Tiny-0.005/lib/PBKDF2/Tiny.pm
with a strong salt:
http://search.cpan.org/~ddick/Crypt-URandom-0.36/lib/Crypt/URandom.pm
if those modules are compliant with the webmin licence.
This is an outstanding description of security in Hashing-Algorithms:
https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords#answer-31846
Thanks - we will work on this, and update this bug when it's done
SHA512 support has been implemented for inclusion in the next Webmin release.
Most helpful comment
SHA512 support has been implemented for inclusion in the next Webmin release.