GitLab

Currently Icecast uses unsalted md5 hashes of passwords. Once an attacker obtains access to those the risk is high that simple passwords will be broken by simple md5 look-up through web search.

We should move to using bcrypt, as it's license permits us to incorporate it, also it should allow us to be compatible with the standard htpasswd(1) manipulation tool.

In the meanwhile using forwarded http authentication potentially offers higher security by deferring authentication to another http server.