How would you add salt to your existing password hashes?

心在旅途 2021-02-08 06:08

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can't re-hash the existing ones.

8 answers
  •  夕颜 (original poster)
    2021-02-08 06:39

    Sure you can. Just add a salt to the existing hash and hash it again. Of course, this will require any future logins to go through the same process, meaning two hash functions will need to be called, but lots of legitimate patterns do this anyway, so it doesn't smell as bad as you might think.

    Salting a password is an effort to defend against rainbow tables. In this case the salt does not need to be a secret.

    http://en.wikipedia.org/wiki/Rainbow_tables#Defense_against_rainbow_tables

    You can actually see in the article

    hash = MD5 (MD5 (password) . salt)
    

    Which is the same exact method you would be using. (Except a different hashing function.)
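
The migration described in the answer above, as an added example that is not part of the original answer: each stored unsalted hash is wrapped in a salted outer hash, and login runs both steps. It assumes the legacy scheme is unsalted MD5 stored as hex and uses PBKDF2-HMAC-SHA256 as the outer hash; the function names, row layout and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for the outer hash


def legacy_hash(password: str) -> str:
    """Assumed legacy scheme: unsalted MD5, stored as hex."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def wrap(legacy_hex: str, salt: bytes) -> bytes:
    """Outer salted hash over the stored legacy hash (PBKDF2 chosen here)."""
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"), salt, ITERATIONS)


def migrate_row(legacy_hex: str) -> dict:
    """Upgrade one stored row without knowing the password."""
    salt = os.urandom(16)  # per-user random salt, stored in the clear
    return {"salt": salt, "hash": wrap(legacy_hex, salt)}


def set_password(password: str) -> dict:
    """New passwords take the same two-step path, so one verifier serves all rows."""
    return migrate_row(legacy_hash(password))


def verify(password: str, row: dict) -> bool:
    """Login: recompute the legacy hash, then the salted outer hash."""
    candidate = wrap(legacy_hash(password), row["salt"])
    return hmac.compare_digest(candidate, row["hash"])  # constant-time compare


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    old_table = {"alice": legacy_hash("hunter2"), "bob": legacy_hash("hunter2")}
    new_table = {user: migrate_row(h) for user, h in old_table.items()}
    print("correct password accepted:", verify("hunter2", new_table["alice"]))
    print("wrong password accepted:", verify("wrong", new_table["alice"]))
    print("rows differ after salting:",
          new_table["alice"]["hash"] != new_table["bob"]["hash"])
```

Once every row is migrated, the old unsalted column can be dropped, since `verify` never reads it.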
