I was just browsing the Piwik FAQ on resetting passwords when I noticed Piwik uses MD5. MD5 is quite vulnerable... Could you please hash passwords using a secure algorithm like Scrypt? See this StackExchange post for details.
What FAQ entry are you referring to?
This one (https://piwik.org/faq/how-to/faq_191/) mentiones that the password is stored with the new and secure password_hash function (which uses `crypt) since Piwik 3.0.
echo password_hash(md5("changeMe"), PASSWORD_DEFAULT)
I am not sure why the md5-hash is calculated before as it seems useless, but this shouldn't lower the security.
That makes sense, thanks!