I would like if it’s possible to change the hashing method for an already hashed password. For example:
$password_input = '123456789';
$hashed_password = md5($password_input);
// The output would be 25f9e794323b453885f5181f1b624d0b
The result was made with the following online tool:
https://helloacm.com/md5/
The next step would be insert the hashed password into the database. When I do this the given hashed password will be in the users table. If I select that password, can I change the md5 hash by a sha-256? For example:
$md5_password = '25f9e794323b453885f5181f1b624d0b';
$sha256_password = hash('sha256', $md5_password);
If this would be possible, would it break the login function? I mean if I use password_verify method, will it return true?
>Solution :
You will not get password back from md5, you can’t unhash one way hash algorithms.
What we do – incorporate re-hashing in login flow.
- User logins to your system with old hash password
- You detect, that this user needs re-hash
- While still having sent plain text password you hash it with new algorithm and save to database
- Next time user logins with newly hashed password without problems