Joget is now more secure with advanced hashing implementation for passwords. The hash function used is SHA-256 with added salt.
The default algorithm being used for 2-way encryption is PBEWithMD5AndDES. If stronger encryption is required, the encryption implementation can be replaced with a custom DataEncryption implementation in /WEB-INF/classes/customApplicationContext.xml e.g.
<!-- Sample custom DataEncryption implementation -->
<bean id="dataEncryption" class="custom.CustomDataEncryptionImpl">
<property name="some_property" value="some_value"/>
NOTE: If any encryption key or implementation changes are to be implemented, they must be done right at the beginning of any deployment as all previous encrypted strings would become unreadable.