Store hashed passwords with salt
Before hashing a password a salt value should be applied every time 1) an user account is created, and 2) a user changes her password. Existing user accounts should be salted automatically on next successful login.
See
https://github.com/dmx-systems/dmx-platform/issues/37
https://trac.deepamehta.de/ticket/1030
#85 (closed)
Note: this ticket only focus at DMX's own password storage. Alternative storage like LDAP is another story.