Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’ve a legacy app where passwords are hashed using MD5 without salt. I’d like to switch to SHA1 with salt, but I’d like to keep current users’ passwords.
My plan is to change hashing function to sha1(md5(password) + salt). I’ll be able to batch process all existing hashes using sha1(<existing_pass> + salt).
It’s not a good idea to keep md5, read this question: Use SHA-512 and salt to hash an MD5 hashed password?.
It’s better to have one salt for each user. With the same salt, users with the same password will have the same hash, and a rainbow table can be created for all your passwords at the same time.