Going from unsalted to salted MD5 passwords

Question

I have a LAMP (PHP) website which is becoming popular.

I played it safe by storing the user passwords as md5 hashes.

But I now see that\'s not secure; I should h

Answer 1

You can still use a salt. Just calculate another hash from the current hash together with a salt:

$newHash = md5($salt.$oldHash);

For new passwords you then need to use:

$hash = md5($salt.md5($password));