diff --git a/admin/login.php b/admin/login.php
index 10912ec..f288259 100644
--- a/admin/login.php
+++ b/admin/login.php
@@ -31,7 +31,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' AND $dispatch_login) {
 die('Somebody tried to hack Jlog with Response-Splitting.');
 }
- if (md5($passwort) == JLOG_ADMIN_PASSWORD) {
+ if (hashPassword($passwort) == JLOG_ADMIN_PASSWORD) {
 $_SESSION['logged_in'] = true;
 session_regenerate_id(); // neue SID
diff --git a/scripts/JlogUpdater.php b/scripts/JlogUpdater.php
index cf70868..cfd878b 100644
--- a/scripts/JlogUpdater.php
+++ b/scripts/JlogUpdater.php
@@ -59,7 +59,7 @@ class JlogUpdater
 function performUpdate($l) {
- if (JLOG_AMDIN_PASSWORD !== md5($_POST['jlog_password']) and JLOG_ADMIN_PASSWORD !== md5(utf8_decode($_POST['jlog_password']))) {
+ if (JLOG_AMDIN_PASSWORD !== hashPassword($_POST['jlog_password']) and JLOG_ADMIN_PASSWORD !== hashPassword(utf8_decode($_POST['jlog_password']))) {
 return '
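Review bot: The new condition still compares the digest with `==`, and PHP's loose comparison treats two strings that both parse as numbers (hex digests starting with `0e` followed only by digits) as numerically equal, so distinct digests can compare equal; the comparison is also not constant-time. Since JLOG_ADMIN_PASSWORD holds a hashPassword() result, use `if (hash_equals(JLOG_ADMIN_PASSWORD, hashPassword($passwort))) {` (strict and constant-time, PHP 5.6+), which keeps working if hashPassword() later changes algorithm but stays deterministic. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST' AND $dispatch_login)` block starts and ends outside the hunk.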
' . $l['admin']['login_false_pw'] . '
';
 }
@@ -146,4 +146,4 @@ class JlogUpdater
 }
 }
-// eof
\ No newline at end of file
+// eof
diff --git a/scripts/general.func.php b/scripts/general.func.php
index 1a449d2..8d2b774 100644
--- a/scripts/general.func.php
+++ b/scripts/general.func.php
@@ -310,4 +310,9 @@ class JLOG_Tags {
 else return;
 }
 }
-?>
\ No newline at end of file
+
+// security functions
+function hashPassword($pw) {
+ // TODO: see iusses/2 for details
+ return md5($pw);
+}
diff --git a/scripts/settings.class.php b/scripts/settings.class.php
index 5eed38f..9eb868c 100644
--- a/scripts/settings.class.php
+++ b/scripts/settings.class.php
@@ -165,8 +165,8 @@ class Settings {
 $this->jlog_admin_password = JLOG_ADMIN_PASSWORD;
 }
 else {
- $this->d['jlog_admin_password'] = md5($this->d['jlog_admin_password']);
- $this->d['jlog_admin_password_again'] = md5($this->d['jlog_admin_password_again']);
+ $this->d['jlog_admin_password'] = hashPassword($this->d['jlog_admin_password']);
+ $this->d['jlog_admin_password_again'] = hashPassword($this->d['jlog_admin_password_again']);
 }
 $this->d['jlog_installed_version'] = JLOG_INSTALLED_VERSION;
 $this->d['jlog_installed_url'] = JLOG_INSTALLED_URL;
@@ -174,8 +174,8 @@ class Settings {
 $this->d['jlog_installed_mysqlv'] = JLOG_INSTALLED_MYSQLV;
 }
 else {
- $this->d['jlog_admin_password'] = md5($this->d['jlog_admin_password']);
- $this->d['jlog_admin_password_again'] = md5($this->d['jlog_admin_password_again']);
+ $this->d['jlog_admin_password'] = hashPassword($this->d['jlog_admin_password']);
+ $this->d['jlog_admin_password_again'] = hashPassword($this->d['jlog_admin_password_again']);
 }
 if((defined('JLOG_SETUP') AND JLOG_SETUP === true))
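Review bot: The new line in performUpdate() carries over the misspelled constant `JLOG_AMDIN_PASSWORD` in its first operand, so that half of the guard never compares against the real admin hash: on PHP 8 an undefined constant throws an Error, and on older versions it is treated as the bare string, which is always `!==` the digest, leaving only the `utf8_decode` branch to decide. Correct the name in the new line, `if (JLOG_ADMIN_PASSWORD !== hashPassword($_POST['jlog_password']) and JLOG_ADMIN_PASSWORD !== hashPassword(utf8_decode($_POST['jlog_password']))) {`, and consider guarding the field with `isset()` first since a missing `jlog_password` raises a notice. The body of performUpdate() continues outside the hunk.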
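Review bot: hashPassword() is now the single hashing point, but it still returns an unsalted `md5()` and every caller compares its result with `==` or `!==` (admin/login.php, JlogUpdater.php, settings.class.php); a companion verify helper built on `hash_equals()` would make those comparisons strict and constant-time and lets the algorithm named in the TODO be swapped in one place later. The TODO has a typo, `// TODO: see issues/2 for details`, and a one-line docblock saying the function returns the lowercase hex digest that the stored admin password is compared against would help callers. hash_equals() needs PHP 5.6 or newer.
```php
// security functions
// … unchanged: hashPassword($pw) …

// Compare a candidate password against a stored hashPassword() result:
// strict (no numeric-string coercion) and constant-time.
function verifyPassword($pw, $storedHash) {
    return hash_equals((string) $storedHash, hashPassword($pw));
}
```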
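Review bot: The two hashing lines at 165 and 174 (this hunk and the @@ -174 hunk) are identical and rely on hashPassword() being deterministic: the values stored in `jlog_admin_password` and `jlog_admin_password_again` are later compared to each other with `!==` (line 410 in the same file), which only holds while the helper is an unsalted digest. Once the TODO in general.func.php is acted on with a salted scheme, two hashes of the same input differ and the repeat check would always fail, so compare the raw inputs before hashing, e.g. `$pwMatch = $this->d['jlog_admin_password'] === $this->d['jlog_admin_password_again'];`, and carry that result to validation; this presumes the assignment runs before the validation, which happens in code outside the hunk. The duplicated else-branches could also be folded into one private method so a future change is made once. The enclosing method starts and ends outside both hunks.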
@@ -408,7 +408,7 @@ class Settings {
 if(empty($this->d['jlog_website'])) $errors[] = $this->l['admin']['e_website'];
 if(empty($this->d['jlog_publisher'])) $errors[] = $this->l['admin']['e_publisher'];
 if(defined('JLOG_SETUP') AND JLOG_SETUP) {
- if($this->d['jlog_admin_password'] == md5(""))
+ if($this->d['jlog_admin_password'] == hashPassword(""))
 $errors[] = $this->l['admin']['e_admin_password'];
 elseif($this->d['jlog_admin_password'] !== $this->d['jlog_admin_password_again'])
 $errors[] = $this->l['admin']['e_admin_password_again'];
@@ -530,4 +530,4 @@ class Settings {
 }
 }
-// eof
\ No newline at end of file
+// eof
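Review bot: Detecting an empty admin password by comparing the stored value with `hashPassword("")` ties this validation to the helper being deterministic and leaves a loose `==` right next to the strict `!==` on the following elseif; as noted on the earlier Settings hunks, a salted hash would make `hashPassword("")` differ per call and this check would never fire. Validate the raw input where it is still available, or at minimum compare strictly, `if($this->d['jlog_admin_password'] === hashPassword(""))`, and prefer `hash_equals()` when the compared value can originate from the request. The validation method starts and ends outside the hunk.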