Change hashing method to a already hashed password


I would like if it’s possible to change the hashing method for an already hashed password. For example:

$password_input = '123456789';
$hashed_password = md5($password_input);
// The output would be 25f9e794323b453885f5181f1b624d0b

The result was made with the following online tool:

The next step would be insert the hashed password into the database. When I do this the given hashed password will be in the users table. If I select that password, can I change the md5 hash by a sha-256? For example:

$md5_password = '25f9e794323b453885f5181f1b624d0b';
$sha256_password = hash('sha256', $md5_password);

If this would be possible, would it break the login function? I mean if I use password_verify method, will it return true?

>Solution :

You will not get password back from md5, you can’t unhash one way hash algorithms.

What we do – incorporate re-hashing in login flow.

  1. User logins to your system with old hash password
  2. You detect, that this user needs re-hash
  3. While still having sent plain text password you hash it with new algorithm and save to database
  4. Next time user logins with newly hashed password without problems

Leave a Reply Cancel reply