How would you add salt to your existing password hashes?

Question

I have a database of hashed passwords that had no salt added before they were hashed. I want to add salt to new passwords. Obviously I can\'t re-hash the existing ones.

<

Answer 1

There are some ways here that may work for you.
Remember, any constant pattern you add into the existing hash is useless (one of the tricks on that link is suggesting something like that). There should be no identifiable pattern that can be used to isolate the salt.

Of course, the best way would be to migrate to a salted hash table.

Answer 2

I dealt with a similar issue involving multiple hashing techniques. I used the approach of encoding a hash method type in the database as well (i.e. 'alpha', 'beta', 'gamma', 'delta'). I marked all current hashes with the appropriate level. As users logged in, I validated their passwords and re-hashed them using the updated methods. Our passwords expire after 90 days, so it was just a matter of holding on for 3 months until all passwords using the old methods could be reset.