Revert "setup: Store passwords in SHA format"

This reverts commit eef9b2529c.

It appears that htpasswd is not salting any passwords that are
stored with the SHA (-s) algorithm. MD5 passwords however are
salted.

That leads us to the conclusion that the "MD5 algorithm" in htpasswd
is more secure than the "SHA algorithm" although the hash function
itself should be stronger.

With a rainbow table, cracking "SHA" is easily done.

A rainbow table for "MD5" + salt would be way too large to be
efficiently stored.

Hence this commit is reverted to old behaviour to avoid the clear
failure of design in SHA.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
This commit is contained in:
Michael Tremer
2016-10-15 22:38:01 +01:00
parent 6920fbe86d
commit 96473f525d
2 changed files with 1 additions and 2 deletions
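
The commit message's point about unsalted {SHA} entries, as an added example that is not part of this commit or of the project's code: a small audit of htpasswd-style lines that flags {SHA} entries, reports users whose entries are identical, and checks all of them against a single precomputed table. The user names, sample lines and candidate list are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

# Scheme prefixes as they appear in the hash field of an htpasswd file.
PREFIXES = (("{SHA}", "sha1-unsalted"), ("$apr1$", "apr1-md5-salted"),
            ("$2y$", "bcrypt-salted"))

def sha_entry(password: str) -> str:
    """htpasswd -s format: '{SHA}' + base64(SHA-1(password)); no salt goes in."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def classify(hash_field: str) -> str:
    """Name the scheme of one hash field by its prefix."""
    return next((n for p, n in PREFIXES if hash_field.startswith(p)), "unknown")

def audit(lines, weak_candidates=()):
    """Return (user, finding) tuples for the unsalted entries in the file."""
    precomputed = {sha_entry(p): p for p in weak_candidates}  # one table fits all users
    by_hash = defaultdict(list)
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        if classify(hash_field) != "sha1-unsalted":
            continue  # salted schemes cannot be compared or looked up this way
        findings.append((user, "unsalted {SHA} entry"))
        by_hash[hash_field].append(user)
        if hash_field in precomputed:
            findings.append((user, "matches precomputed weak-password table"))
    for users in by_hash.values():
        if len(users) > 1:
            findings.append((",".join(users), "identical hash: same password"))
    return findings

# Constructed sample file; the $apr1$ value only illustrates the format.
SAMPLE = [
    "admin:" + sha_entry("ipfire"),
    "operator:" + sha_entry("ipfire"),
    "backup:$apr1$Xk3vQ2aB$0123456789abcdefghijkl",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, weak_candidates=["admin", "ipfire"]):
        print(finding)
```

The salted entry is skipped because its stored value depends on a per-entry salt, so neither the duplicate check nor a single shared table applies to it.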


@@ -22,5 +22,4 @@ srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/pppsetup.cgi
srv/web/ipfire/cgi-bin/services.cgi
usr/sbin/setup
var/ipfire/backup/include
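
Review bot: The header (-22,5 +22,4) drops one entry from this file list, and the only listed path related to the other hunk is usr/sbin/setup. If the reverted commit was ever delivered to installed systems, removing that entry means the rebuilt setup binary is not shipped and the "-s" build stays in place there; confirm the SHA build never reached users, or keep usr/sbin/setup in the list so the corrected binary is delivered.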


@@ -56,7 +56,7 @@ int handleadminpassword(void)
return 0;
snprintf(commandstring, STRING_SIZE,
"/usr/sbin/htpasswd -c -s -b " CONFIG_ROOT "/auth/users admin '%s'", password);
"/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
sprintf(message, _("Setting %s 'admin' user password..."), NAME);
if (runhiddencommandwithstatus(commandstring, _("Setting password"), message, NULL)) {
sprintf(message, _("Problem setting %s 'admin' user password."), NAME);
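
Review bot: On the htpasswd command line, "-m" restores the salted apr1 MD5 scheme, which addresses the precomputed-table concern but is still a fast hash for guessing against a single entry; if the shipped htpasswd supports "-B" (bcrypt), use that instead of going back to "-m". The same line also places the password inside '%s' in a shell command string and passes it with "-b", so a password containing a single quote ends the quoting and the value is visible in the process list; unless it is validated earlier in handleadminpassword, reject quote characters before the snprintf or feed the password on stdin with "-i" where available, and check the snprintf return value against STRING_SIZE for truncation.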