How do I convert password hashing from MD5 to SHA?

Question

I\'ve got an old application that has user passwords stored in the database with an MD5 hash. I\'d like to replace this with something in the SHA-2 family.

I\'ve tho

Answer 1

Your second suggestion sounds the best to me. That way frequent users will have a more secure experience in the future.

The first effectively "quirks-mode"'s your codebase and only makes sure that new users have the better SHA experience.