0

The passwords in my database is now text and I just figured that I can use md5() function to convert the passwords to hashes, but now I want to convert all of my users in the database to hashes any idea to do that so I should not need to tell everybody to reenter their passwords,

This question is not duplicated with any other question Like Convert text passwords in database to hashed passwords?, because I want to know an idea how to do that in PHP, and Secure hash and salt for PHP passwords is also not duplicated because I want to change all password which exist already in my database I should not need to ask all of my user to change their passwords as I said above,

Any ideas?

Community
  • 1
  • 1
thegrede
  • 492
  • 1
  • 6
  • 18
  • 1
    Don't use `md5`, use something else like `whirlpool`. There are way too many rainbow tables available for `md5`, among other problems. – Brad Jun 18 '12 at 21:17
  • @Brad Ok will do that, but I want an idea to convert all password which exist already in database – thegrede Jun 18 '12 at 21:22
  • 5
    Create a new column. Convert all passwords in column A into encrypted strings in column B. Visually inspect the table to make sure column A didn't have any encrypted passwords already. Rename column B to "column A" and rename column A to "column Z". Wait a few weeks before deleting column Z so you can make sure everything is working smoothly first. Scold yourself for not using encrypted passwords in the first place. – Blazemonger Jun 18 '12 at 21:23
  • update XXX set password=md5(password); but i don't recommend it. –  Jun 18 '12 at 21:26

2 Answers2

1

All you have to do for your example is run each password through the hash (which I recommend is not md5 since that one now has known weaknesses) and store the hash back. Then when someone tries to log in, take their password and hash it, then compare the hash to what you have in the database. If you currently store the plaintext, you should not have to ask the users to renter anything, just hash what you have already.

hackartist
  • 5,172
  • 4
  • 33
  • 48
0

Md5 encryption is not secure, but I have encrypted it for you.

password_hash() example using Argon2i

<?php
echo 'Argon2i hash: ' . password_hash('rasmuslerdorf', PASSWORD_ARGON2I);
?>
Lars Gross
  • 102
  • 6