So far my application is hashing user passwords using the simple MD5 algorithm. Now we have introduced Spring Security in the application and would prefer to use BCrypt instead. My pr
You should be able to subclass BCryptPasswordEncoder, override the matches method to first let BCryptPasswordEncoder try and find a match and, if a match is unsuccessful, try an MD5 match with your existing code. This way, everyone who has a BCrypt hashed password and provides the correct value will get logged in fast (due to the built-in BCryptPasswordEncoder logic). Everyone who has an old MD5 hashed password and provides the correct value will also get logged in (due to your custom code), but will incur the additional penalty of having gone through a BCrypt match first. Everyone else will not be logged in, but the login failure path will incur the additional penalty of the MD5 check.
Rather than trying to re-hash existing passwords, it may be better to advise users to change their passwords once you have shifted fully to BCrypt, since then the newly selected passwords will automatically get hashed using BCrypt and you will save yourself the hassle of matching against an MD5 hash. Many companies have done this in the past, so this may not be such a surprising move for the users.
If you have robust Forgot Password functionality, it may even be possible to not match against MD5 at all. You will simply let users logging in with an old MD5 hashed password fail and ask them to use the Forgot Password functionality to create a new one (which will be encrypted with BCrypt anyway).
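The subclass the answer describes, written out as an added example (this is not code from the answer or from Spring Security itself). It assumes the legacy column holds an unsalted MD5 of the UTF-8 password as 32 hex characters, that BCrypt hashes are recognisable by their `$2` modular-crypt prefix, and Spring Security 5.1 or later for the `upgradeEncoding` hook. The class name `LegacyMd5BCryptPasswordEncoder` and the helper names are mine. Beyond the answer's text, the legacy comparison uses `MessageDigest.isEqual` so the fallback does not add a byte-by-byte timing leak, and `upgradeEncoding` reports legacy rows so a `UserDetailsPasswordService` can re-encode them with BCrypt on the next successful login instead of leaving MD5 hashes in place.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Pattern;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Added example: BCrypt first, unsalted-MD5 fallback for rows that have not
 * been migrated yet. Assumes legacy hashes are 32 hex chars of MD5(UTF-8 password).
 */
public class LegacyMd5BCryptPasswordEncoder extends BCryptPasswordEncoder {

    private static final Pattern MD5_HEX = Pattern.compile("^[0-9a-fA-F]{32}$");

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if (rawPassword == null || encodedPassword == null || encodedPassword.isEmpty()) {
            return false;
        }
        // 1) Let BCryptPasswordEncoder try first. The prefix check only avoids the
        //    "does not look like BCrypt" warning the parent logs for non-BCrypt strings.
        if (encodedPassword.startsWith("$2") && super.matches(rawPassword, encodedPassword)) {
            return true;
        }
        // 2) Only rows that still look like a legacy MD5 digest get the fallback.
        return isLegacyMd5(encodedPassword) && md5Matches(rawPassword, encodedPassword);
    }

    /**
     * Spring Security 5.1+ calls this after a successful authentication; returning
     * true asks the configured UserDetailsPasswordService to store encode(rawPassword),
     * which is BCrypt here, so legacy rows are migrated transparently.
     */
    @Override
    public boolean upgradeEncoding(String encodedPassword) {
        return isLegacyMd5(encodedPassword) || super.upgradeEncoding(encodedPassword);
    }

    static boolean isLegacyMd5(String encodedPassword) {
        return MD5_HEX.matcher(encodedPassword).matches();
    }

    /** Constant-time comparison of MD5(rawPassword) against the stored hex digest. */
    static boolean md5Matches(CharSequence rawPassword, String storedHex) {
        byte[] expected = hexToBytes(storedHex);
        byte[] actual = md5(rawPassword);
        return MessageDigest.isEqual(expected, actual);
    }

    static byte[] md5(CharSequence raw) {
        try {
            return MessageDigest.getInstance("MD5")
                    .digest(raw.toString().getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is a mandatory JCE algorithm", e);
        }
    }

    static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        LegacyMd5BCryptPasswordEncoder enc = new LegacyMd5BCryptPasswordEncoder();

        // Constructed sample rows: one user still on MD5, one already on BCrypt.
        String legacyRow = toHex(md5("hunter2"));
        String bcryptRow = enc.encode("hunter2");

        System.out.println("bcrypt row, correct password: " + enc.matches("hunter2", bcryptRow));
        System.out.println("legacy row, correct password: " + enc.matches("hunter2", legacyRow));
        System.out.println("legacy row, wrong password:   " + enc.matches("wrong", legacyRow));
        System.out.println("legacy row needs upgrade:     " + enc.upgradeEncoding(legacyRow));
        System.out.println("bcrypt row needs upgrade:     " + enc.upgradeEncoding(bcryptRow));
    }
}
```

Register the class as the `PasswordEncoder` bean and, if you want the automatic migration, also provide a `UserDetailsPasswordService` that writes the new hash back; without it `upgradeEncoding` is never acted on and the MD5 rows stay as they are, which is exactly the situation the answer's "ask users to change their password" advice addresses. Note that the fallback keeps every unsalted MD5 hash valid until its owner logs in or resets, so the weaker hashes remain the limiting factor for the dataset until migration completes.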