I would like to know if it’s possible to change the hashing method for an already hashed password. For example:

    $password_input = '123456789';
    $hashed_password = md5($password_input); // The output would be 25f9e794323b453885f5181f1b624d0b

The result was made with the following online tool:
The next step would be to insert the hashed password into the database. When I do this, the given hashed password will be in the users table. If I select that password, can I change the md5 hash to a sha-256 one? For example:

    $md5_password = '25f9e794323b453885f5181f1b624d0b';
    $sha256_password = hash('sha256', $md5_password);

If this is possible, would it break the login function? I mean, if I use the password_verify method, will it return true?

You will not get the password back from md5; you can’t unhash one-way hash algorithms.
What we do – incorporate re-hashing in the login flow.
- User logs in to your system with the old hash password
- You detect that this user needs a re-hash
- While still having the sent plain text password, you hash it with the new algorithm and save it to the database
- Next time the user logs in with the newly hashed password without problems
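
The re-hash-on-login steps above, as an added example that is not part of the original answer. The in-memory `$users` array stands in for the users table, and the names `login` and `is_legacy_md5` are hypothetical; the last call shows what `password_verify` does with the question's sha256-of-md5 string.

```php
<?php
// Constructed stand-in for the users table; a real application would query its database.
$users = [
    // Legacy row: unsalted md5 of '123456789' (the value from the question).
    'alice' => '25f9e794323b453885f5181f1b624d0b',
];

// Assumption: legacy rows are exactly 32 lowercase hex characters (raw md5 output).
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Returns true on a successful login and upgrades the stored hash as a side effect.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];

    if (is_legacy_md5($stored)) {
        // Old scheme: recompute md5 and compare in constant time.
        $ok = hash_equals($stored, md5($password));
    } else {
        // New scheme: salted hash produced by password_hash().
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return false;
    }

    // The plaintext is only available during login, so this is the moment to re-hash.
    if (is_legacy_md5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

var_dump(login($users, 'alice', '123456789')); // first login takes the legacy md5 branch
var_dump(is_legacy_md5($users['alice']));      // checks whether the row is still a raw md5
var_dump(login($users, 'alice', '123456789')); // second login takes the password_verify() branch
var_dump(login($users, 'alice', 'wrong'));     // wrong password against the upgraded row

// password_verify() only understands password_hash()/crypt() formats, not raw hex digests.
var_dump(password_verify('123456789', hash('sha256', '25f9e794323b453885f5181f1b624d0b')));
```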