
I am getting hashes and salts based on MD5 from a platform where users register. My platform gets the data of the new users (name, surname, username, password) from a CSV file, and I have created a script in PHP that adds them automatically to my database. However, I have a problem with the passwords, because the platform I am using uses Bcrypt passwords. I have no idea how I can change the salted MD5 hashed passwords to a Bcrypt password so that when the users that have registered on the other platform try to log in to mine, the authentication succeeds.

Thank you in advance.

  • This is weird. Why are you applying `md5` on `password_hash`? You seem confused... Start with basic tutorials to fully understand the basics – Rotimi Nov 03 '17 at 12:27
  • Why are you playing around with `password_hash()`/`password_verify()` ***and*** using `md5()` as well? You're reducing the entropy of the password, and hence its security... just use `password_hash()`/`password_verify()`, and let it handle the salting and hashing for you... that's what it does, and does well – Mark Baker Nov 03 '17 at 12:29
  • I applied password_hash to an MD5 so I can use password_verify, as suggested in another question, but it did not work. That is why I am looking for something that does the same work password_verify does for Bcrypt passwords – anisaki nikol Nov 03 '17 at 12:30
  • password_hash()/password_verify() uses bcrypt by default – Mark Baker Nov 03 '17 at 12:31
  • Unfortunately, I get the passwords from another app, so they are encrypted as salted MD5 and I can't change that. I just need to verify them with the clear text password. – anisaki nikol Nov 03 '17 at 12:31
  • If they're sending you MD5 then just use the `md5()` function to verify it. Just remember that [MD5 is not secure at all](https://security.stackexchange.com/questions/19906/is-md5-considered-insecure) – Machavity Nov 03 '17 at 12:35

0 Answers
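
One way to handle the situation described in the question, as an added example that is not part of the original thread: wrap each imported salted-MD5 hash in bcrypt at import time, recompute the MD5 at login before calling `password_verify()`, and upgrade the record to plain bcrypt after the first successful login. It assumes the source platform computes `md5($salt . $password)` as lowercase hex; the function names and array fields are hypothetical.

```php
<?php
// Added example. ASSUMPTION: the source platform computes md5($salt . $password)
// as lowercase hex. Confirm its real scheme (order, encoding) before relying on this.

// Hypothetical helper reproducing the legacy salted-MD5 computation.
function legacy_md5(string $salt, string $password): string
{
    return md5($salt . $password);
}

// At CSV import only the MD5 hash and salt are known, so bcrypt the MD5 hex
// string itself. The bare MD5 value is then never stored at rest.
function import_user(string $md5Hex, string $salt): array
{
    return [
        'hash'   => password_hash(strtolower($md5Hex), PASSWORD_BCRYPT),
        'salt'   => $salt,
        'legacy' => true,   // hash covers the MD5 hex, not the password itself
    ];
}

// At login: rebuild the same input that was hashed at import, verify it,
// then replace the record with bcrypt over the real password.
function login(array &$user, string $password): bool
{
    $candidate = $user['legacy']
        ? legacy_md5($user['salt'], $password)
        : $password;
    if (!password_verify($candidate, $user['hash'])) {
        return false;
    }
    if ($user['legacy'] || password_needs_rehash($user['hash'], PASSWORD_BCRYPT)) {
        $user['hash']   = password_hash($password, PASSWORD_BCRYPT);
        $user['salt']   = null;    // legacy salt is no longer needed
        $user['legacy'] = false;
    }
    return true;
}

// Constructed sample row, as if read from the CSV export.
$salt = 'a1b2c3';
$user = import_user(md5($salt . 'correct horse'), $salt);

// A wrong password, then the right one twice: first through the legacy
// path (which upgrades the record), then through the plain bcrypt path.
var_dump(login($user, 'wrong guess'));
var_dump(login($user, 'correct horse'));
var_dump($user['legacy']);
var_dump(login($user, 'correct horse'));
```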