I am possibly taking over an app that literally just encrypts user passwords by doing md5( password )

They have ~2000 users to date, so I'm wondering how I can migrate those passwords (or can I?) to a stronger encryption schema (e.g. involving a salt, user-specific hash, and their password, all encrypted with sha1, bcrypt, whatever)

Thanks.

+1  A: 

MD5 is a cryptographic hash function, not necessarily an encryption method. A hash is designed to only be performed in one direction, and cannot be reversed other than by dictionary attack. As an example, you can try out this hash database lookup if you're feeling frisky.

You will probably want to save these old passwords in a separate column, then when the users login to the "new" system, compare the MD5'ed version of that password with the old one, and if the digest matches, perform SHA1 with a salt on that password and store that in a separate column.

Alternatively, and probably a better approach, is to force the users to change passwords... and when they enter their new one, use the new hash algorithm on it instead.

John Rasch
Thanks! I was thinking something similar - in the interest of avoiding a "force the user to change their password" system, I was thinking of moving the existing passwords to an additional column, as you mention, and just re-encrypting on the fly. Luckily I'm dealing with 2k users vs 20k or 200k.
Kyle
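
The rehash-on-login migration described in the answer, as an added example that is not part of the original thread. It uses Python's standard-library PBKDF2-HMAC-SHA256 in place of the salted SHA1 the answer mentions; the column names (`legacy_md5`, `pw_salt`, `pw_hash`), the dict standing in for a database row, and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def new_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash used for migrated accounts."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def login(user: dict, password: str) -> bool:
    """Verify a login; upgrade a legacy MD5 row on the first success."""
    if user.get("pw_hash") is not None:
        # Already migrated: only the salted hash is accepted.
        expected = new_hash(password, user["pw_salt"])
        return hmac.compare_digest(expected, user["pw_hash"])

    legacy = user.get("legacy_md5")
    if legacy is None:
        return False  # no credential on file at all

    candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
    if not hmac.compare_digest(candidate, legacy):
        return False

    # The plaintext is only available at this moment, so rehash now
    # and erase the MD5 digest so it cannot leak later.
    salt = os.urandom(16)
    user["pw_salt"] = salt
    user["pw_hash"] = new_hash(password, salt)
    user["legacy_md5"] = None
    return True


def make_legacy_user(password: str) -> dict:
    """Constructed sample row as the old md5(password) system stored it."""
    return {
        "legacy_md5": hashlib.md5(password.encode("utf-8")).hexdigest(),
        "pw_salt": None,
        "pw_hash": None,
    }
```

Accounts that never log in again keep their MD5 digest, so a cutoff date after which remaining legacy rows require a password reset closes the gap.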