[SOLVED]

 Password Re-hash to more secure API?

12/10/2014 1:39:35 PM
PHPRunner General questions
bioman author

Hi,

In my initial PHPRunner application, I chose to have passwords encrypted. Not knowing much about encryption methods at the time, I chose the MD5 option. I have since learned that MD5 is considered broken for password hashing and that other methods should be used, such as the PHP 5.5 hashing API. I am wondering if it is possible to re-hash the passwords somehow using a more secure API, without breaking my current application. Is this possible at all or should I just stick with MD5? Thanks,

Brett

Sergey Kornilov admin 12/10/2014

Hashing is a one-way operation; you cannot re-hash existing passwords. What you can do is to make users reset their passwords using a new hashing algorithm when they enter a new password. You can expect a reasonable amount of work in order to implement it properly. You need to be able to support both hashing algorithms till all users are converted.
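
One way to support both hashing algorithms during the transition described in the reply above, as an added example that is not PHPRunner's own code or part of the original thread: a stored MD5 value is replaced with `password_hash()` output at the moment the user supplies the password, which is the only time the plaintext is available. The helper names, the in-memory `$users` array and the sample accounts are assumptions made for the illustration.

```php
<?php
// Added example: not PHPRunner code. $users stands in for the users table
// (constructed sample data); isLegacyMd5() and verifyAndUpgrade() are
// hypothetical helpers.

/** True if the stored value looks like a legacy unsalted MD5 hex digest. */
function isLegacyMd5(string $stored): bool
{
    return (bool) preg_match('/^[a-f0-9]{32}$/i', $stored);
}

/**
 * Check a supplied password against either hash format. On success with a
 * legacy or outdated hash, hand a fresh password_hash() value to $save.
 */
function verifyAndUpgrade(string $password, string $stored, callable $save): bool
{
    if (isLegacyMd5($stored)) {
        // hash_equals() keeps the comparison constant-time.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }
    if (isLegacyMd5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $save(password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed sample accounts: one legacy MD5 row, one already converted.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => password_hash('hunter2-sample', PASSWORD_DEFAULT),
];

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 'hunter2-sample']];
foreach ($attempts as [$name, $pw]) {
    $ok = verifyAndUpgrade($pw, $users[$name], function (string $new) use (&$users, $name) {
        $users[$name] = $new; // in a real application: UPDATE the user's row
    });
    printf("%-5s %-4s still_md5=%s\n", $name, $ok ? 'ok' : 'fail',
        isLegacyMd5($users[$name]) ? 'yes' : 'no');
}
```

The password column has to be widened before this goes live: an MD5 digest is 32 characters, bcrypt output from `password_hash()` is 60, and the PHP manual recommends 255 to leave room for future algorithms.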