procon
MD5 hash of master password is unsalted
Nice extension,
Whilst putting this through its paces for a colleague, I noticed an issue where I can use JavaScript to reveal the MD5 hash of the master password. Because the MD5 is unsalted, it can then be cracked using precomputed hashes on various internet sites.
Can you consider adding a random salt to the master password before hashing, and using a better hash than MD5?
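
The change requested above, sketched as an added example; it is not part of the original report and not the extension's code. It assumes Node.js's built-in `crypto` module, PBKDF2-HMAC-SHA256 as the "better hash", and a hypothetical stored-record layout and function names; it also shows one way to migrate an existing unsalted MD5 record at the next successful login.

```javascript
// Added example, Node.js built-in crypto. All function and field names are hypothetical.
const crypto = require('crypto');

// The scheme the report describes: unsalted MD5. The digest depends only on the
// password, so identical passwords give identical digests on every install.
function md5Unsalted(password) {
  return crypto.createHash('md5').update(password, 'utf8').digest('hex');
}

const ALG = 'pbkdf2-sha256';
const ITERATIONS = 600000; // assumed work factor; tune to the target hardware
const SALT_BYTES = 16;
const KEY_BYTES = 32;

// Derive a verifier with a fresh random salt; salt and parameters are stored with it.
function createVerifier(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_BYTES, 'sha256');
  return { alg: ALG, iterations: ITERATIONS, salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Constant-time comparison that rejects malformed or wrong-length stored values.
function safeEqual(a, b) {
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const actual = crypto.pbkdf2Sync(password, salt, record.iterations, KEY_BYTES, 'sha256');
  return safeEqual(actual, Buffer.from(record.hash, 'hex'));
}

// Migration path: a legacy record { alg: 'md5', hash } is checked once with the old
// scheme and, on success, replaced by a salted record so the MD5 is no longer kept.
function loginAndUpgrade(password, stored) {
  if (stored.alg === 'md5') {
    const ok = safeEqual(Buffer.from(md5Unsalted(password), 'hex'), Buffer.from(stored.hash, 'hex'));
    return { ok, record: ok ? createVerifier(password) : stored };
  }
  return { ok: verifyPassword(password, stored), record: stored };
}
```

With a per-record random salt, two users with the same master password no longer share a stored value, and the iteration count makes each guess expensive.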