Home/ Questions/Q 6992813
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T19:41:00+00:00

I want to set up a system where I am allow to migrate encrypted

  • 0

I want to set up a system where I am allow to migrate encrypted password (hash password), from one system to another. How would i do this?

Say 2 month down the line, i found a encryption that is 10 times better and the current hash function has been proven without a doubt, totally vulnerable. How would I go about migrating user password from one type of hash to another (the better one).

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can slowly migrate from a method to another using the following technique. I cannot guarantee its quality so please take it with a grain of salt (pun not intended).

    For example, consider the following table, that stores users:

    id    name    password    salt    hashmethod
--------------------------------------------
1     alice   ABC52...    ABD...  md5
2     bob     28DHF...    Z+d...  sha1
...

    Say that your outdated hash method is md5 and you want to replace it with the more secure sha1, this is what you do:

    • A user logs in, you hash its password with the new method (sha1) and salt.
      • a) If a match is found (corresponding username and password and method sha1), the user is logged.
      • b) If a match is not found:
        • 1) You hash with the old method (md5) and salt.
          • a) If a match is found (corresponding username and password and method md5), you hash the password with the new method (sha1) and salt, and update the database accordingly. The user is logged.
          • b) If a match is not found, the credentials are invalid and the user is not logged.

    This migration can take a long time, so to speed it up you should e-mail your users asking them to log in or change their passwords.

    Hope it helps.

    • 0