Feature Request
Resolution: Unresolved
Major
Currently, when creating management users in a WildFly out-of-the-box installation (using add-user.bat/.sh), passwords are hashed using MD5 and stored in a properties file. The default properties-realm configuration in standalone.xml relies on this mechanism.
MD5 is widely considered deprecated due to known vulnerabilities and is no longer recommended for securing passwords. As far as I am aware, there is currently no way to configure the properties-realm to use a more secure password hashing algorithm (such as PBKDF2-SHA256 or Argon2).
Request/Suggestion:
I would like to propose an enhancement allowing the properties-realm to support stronger, more modern password hashing algorithms. Ideally, administrators should have the option to select from recommended hash functions, helping to conform to current security best practices and compliance requirements.
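
The storage scheme described in this request, as an added audit example that is not part of the original issue or of WildFly's code: it flags entries in a management users properties file whose value has the MD5 digest shape, and shows PBKDF2-SHA256 beside it for comparison. It assumes the entry layout `username=HEX(MD5(username ':' realm ':' password))` and the realm name `ManagementRealm` from the default file's header comment; the function names, users and passwords are constructed for illustration.

```python
import hashlib
import re

MD5_HEX = re.compile(r"^[0-9a-f]{32}$")


def legacy_digest(username: str, realm: str, password: str) -> str:
    """Assumed stored value: HEX(MD5(username ':' realm ':' password)).

    One MD5 pass, no random salt, no work factor.
    """
    data = f"{username}:{realm}:{password}".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def pbkdf2_sha256(password: str, salt: bytes, iterations: int) -> str:
    """Salted, iterated derivation of the kind the request asks for."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    ).hex()


def audit(properties_text: str) -> list[str]:
    """Return usernames whose stored value is a bare 32-hex-digit digest."""
    flagged = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments (including the realm marker) and non-entries.
        if not line or line.startswith("#") or "=" not in line:
            continue
        user, _, value = line.partition("=")
        if MD5_HEX.match(value.strip().lower()):
            flagged.append(user.strip())
    return flagged


# Constructed sample file contents (not taken from a real installation).
SAMPLE = "\n".join([
    "#$REALM_NAME=ManagementRealm$",
    "# username=HEX( MD5( username ':' realm ':' password))",
    f"admin={legacy_digest('admin', 'ManagementRealm', 'constructed-Passw0rd!')}",
    f"ops={legacy_digest('ops', 'ManagementRealm', 'constructed-Passw0rd!')}",
])

if __name__ == "__main__":
    for user in audit(SAMPLE):
        print(f"{user}: MD5 digest entry, candidate for migration")
```

Every flagged entry is reproducible from the username, realm and password alone, which is why a salted, iterated scheme changes the cost of offline guessing if the file is disclosed.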