How would you add salt to your existing password hashes?

Question

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can\'t re-hash the existing ones.

<

Answer 1

You could add a column, consisting of a flag showing whether the user has an old (no salt) or a new (with salt) hash.

A good idea is, at that point, to force all users to change their passwords upon sign in. This way you can get rid of that column eventually.