How would you add salt to your existing password hashes?

前端 未结 8 1680
心在旅途
心在旅途 2021-02-08 06:08

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can\'t re-hash the existing ones.

<
8条回答
  •  囚心锁ツ
    2021-02-08 06:52

    I dealt with a similar issue involving multiple hashing techniques. I used the approach of encoding a hash method type in the database as well (i.e. 'alpha', 'beta', 'gamma', 'delta'). I marked all current hashes with the appropriate level. As users logged in, I validated their passwords and re-hashed them using the updated methods. Our passwords expire after 90 days, so it was just a matter of holding on for 3 months until all passwords using the old methods could be reset.

提交回复
热议问题