I’ve got a Rails 3 production app that uses Devise to deal with authentication. I’d like to change to using bcrypt instead of SHA on the app but I can’t find any resources that explain the process of migrating from one to the other. I am assuming that you will need to have some sort of fallback in place to handle the fact that the passwords at the moment are salted a certain way with SHA…
Anyone done this before?! Any tips, tutorials, walk-throughs, etc?!
I don’t think there is a solution you would like. I only know of two options –
1. Reset all user passwords and email them telling them this has been done (and preferably why so they don’t freak out).
2. As every user logs in, check against the old hash system you had, if it validates, create a new bcrypt hash in a new column and then remove the old, less secure hash and begin a slow migration that way.
The mathematical power needed to create a rainbow table to move over everyone just isn’t likely.
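A sketch of the second option (migrate on login), added here as an example and not code from this thread or from Devise. Assumptions: the legacy digest is hex SHA-1 of salt + password (substitute your app's real legacy scheme), the `User` struct and its field names are hypothetical stand-ins for the model, and a PBKDF2 stand-in is used only if the bcrypt gem is not installed.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Constant-time comparison so digest checks do not leak timing.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# New scheme: bcrypt gem when available. The rescue branch is a PBKDF2
# stand-in (NOT bcrypt) so the flow still runs where the gem is missing.
begin
  require "bcrypt"
  NEW_HASH  = ->(pw) { BCrypt::Password.create(pw).to_s }
  NEW_CHECK = ->(stored, pw) { BCrypt::Password.new(stored) == pw }
rescue LoadError
  kdf = ->(pw, salt) { OpenSSL::PKCS5.pbkdf2_hmac(pw, salt, 100_000, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*") }
  NEW_HASH  = ->(pw) { salt = SecureRandom.hex(16); "#{salt}$#{kdf.(pw, salt)}" }
  NEW_CHECK = ->(stored, pw) { salt, dk = stored.split("$", 2); secure_eq(dk, kdf.(pw, salt)) }
end

# ASSUMPTION: legacy scheme is hex SHA1(salt + password).
def legacy_sha1(salt, password)
  Digest::SHA1.hexdigest(salt + password)
end

# Hypothetical stand-in for the users table: old columns plus one new column.
User = Struct.new(:legacy_digest, :legacy_salt, :bcrypt_digest)

# Returns true on a successful login. A user who still has a legacy hash is
# upgraded the first time the correct password is presented.
def authenticate(user, password)
  # Already migrated: only the new hash is ever consulted.
  return NEW_CHECK.(user.bcrypt_digest, password) if user.bcrypt_digest
  return false unless user.legacy_digest &&
                      secure_eq(user.legacy_digest, legacy_sha1(user.legacy_salt, password))

  # The plaintext is only available at this moment, so re-hash it now and
  # remove the old values (in a real app, persist both changes in one save).
  user.bcrypt_digest = NEW_HASH.(password)
  user.legacy_digest = user.legacy_salt = nil
  true
end
```

Accounts that never log in keep their legacy hash, so this is usually paired with a cutoff date after which remaining users go through the password reset from option 1.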