Jan
Let's say that I have used md5() to store the passwords of users in my database. But imagine that in 2009 someone invented a program or method to decrypt passwords stored with md5(). So in 2009 I should switch from md5() to another encryption method, like migrating all passwords to another method, to crypt() for instance. Is it possible to do such a migration? I know it is best to be careful when deciding which method to use, but I just wonder if there is a way to migrate or switch from one encryption method to another one. Thank you.
Jaime Montoya
webmaster@jaimemontoya.com
www.jaimemontoya.com
Answer:
My best bet would be to be lazy:
Encrypt your existing md5 passwords and from now on, have 2 encryption layers instead of one:
Instead of doing:
password = md5("password");
you would do:
password = crypt(md5("password"), options);
Of course, you would have to change all passwords currently in the database by running them through the new encryption method once.
That's probably your best bet and the performance impact of running 2 encryption methods instead of one is probably not an issue (passwords are just a few characters long, so encryption is pretty fast.)
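The layering described in the answer, as an added example that is not part of the original post. It assumes PHP 5.6 or later, swaps in password_hash() with PASSWORD_BCRYPT (which generates the salt itself) in place of a hand-built crypt() call, and uses a hypothetical per-row `scheme` field so the login check knows which layering a row uses; the user rows are constructed sample data.

```php
<?php
// Constructed sample rows as they look before migration: unsalted md5 hex.
$users = [
    'alice' => ['hash' => md5('correct horse'), 'scheme' => 'md5'],
    'bob'   => ['hash' => md5('hunter2'),       'scheme' => 'md5'],
];

// One-time batch step: wrap every stored md5 digest in a salted, slow hash.
// No plaintext password is needed, because the md5 hex string is the input.
function migrate_all(array $users): array
{
    foreach ($users as $name => $row) {
        if ($row['scheme'] === 'md5') {
            $users[$name] = [
                'hash'   => password_hash($row['hash'], PASSWORD_BCRYPT),
                'scheme' => 'bcrypt(md5)', // hypothetical marker column
            ];
        }
    }
    return $users;
}

// Login check: rebuild the same layering from the submitted password.
function verify_login(array $row, string $password): bool
{
    switch ($row['scheme']) {
        case 'md5':         // legacy row that has not been migrated yet
            return hash_equals($row['hash'], md5($password));
        case 'bcrypt(md5)': // layered row: md5 first, then the outer hash
            return password_verify(md5($password), $row['hash']);
        default:            // unknown scheme: refuse rather than guess
            return false;
    }
}

$users = migrate_all($users);

var_dump(verify_login($users['alice'], 'correct horse')); // right password
var_dump(verify_login($users['alice'], 'wrong guess'));   // wrong password
// The bare md5 digest must no longer appear anywhere in the stored value.
var_dump(strpos($users['bob']['hash'], md5('hunter2')) === false);
```

The inner md5() must stay the hex-string form shown here: a raw binary digest can contain NUL bytes, which bcrypt treats as the end of its input.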