Note: these are some musings on password hashes, which do not
invalidate Andy's call to action!
On Fri, Dec 28, 2018 at 09:22:15PM +0000, Andy Smith wrote:
> Sadly we cannot just upgrade everyone's hash scheme because we don't
> know your passwords!
This actually isn't true!
You can upgrade any half-decent hash scheme by simply applying the new
hash to the old hash of the password. So for example, you have in the
past used MD5 without a salt as hashing algorithm and you want to
upgrade it to bcrypt which is slower (a good thing) and comes with a
salt. Then you just take MD5(password) and replace it with
bcrypt(MD5(password)) -- this doesn't require you to know the password
-- and update your password-checking functionality accordingly.
People tend to be reluctant to do this, because MD5 is broken as a
hashing algorithm (collisions can be created) but that isn't relevant
here.
Mind you, if you were to apply this on a live website, I would not
blindly trust a guy on some mailing list, but here is a reference on how
Facebook did this, for those interested:
http://bristolcrypto.blogspot.com/2015/01/password-hashing-according-to-facebook.html
Martijn
