There are other migration techniques. If you know md5(password), you can create ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

danielweber on Dec 15, 2016 | parent | context | favorite | on: Yahoo discloses hack of 1B accounts

There are other migration techniques. If you know md5(password), you can create bcrypt(md5(password)).

syncsynchalt on Dec 15, 2016 [–]

That's what I do, though care should be taken that you can't then login against the old passwords by putting md5(password) in the password field.

Usually you do this by decorating the bcrypt(md5(p)) entries in some way so you can recognize which ones are tested with bcrypt() vs bcrypt(md5()).

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact