List: General Discussion
From: Rik Wasmus
Date: July 20 2013 11:04am
Subject: Re: Transfer ENCRYPT password field to another server
> From: Johan De Meersman <vegivamp@stripped> To: J Gao <jgao@stripped> @ 2013-07-19
> > From: "J Gao" <jgao@stripped>
> > Subject: Transfer ENCRYPT password field to another server
> > 
> > So, is there a way to make the MySQL encrypted password string
> > "2I6JOeg.JukJ." convert to MD5 hash "$1$................."?
> 
> Nope. Encrypt() calls unix crypt(), which is really more a hash - you can't
> go back to the original.
> 
> The proper way to handle this, is to notify the users that passwords will
> expire upon moving to the new system, and sending each of them a personal,
> unique link to set their new password.

If in a hurry, yes indeed. To limit impact on your most active users, you can 
usually do something like this on the application side for a while before 
migrating:

1) On login, try new hash method first
2) On fail, try old hash method
3) If old hash method succeeds, update hash to new hash method (or store it in 
a new location), as you now temporarily have the actual password.
4) After most active users have thus 'upgraded their password by just logging 
in', send out an e-mail to those who haven't with the (re)set password link 
Johan mentions, and retire the old hash method.

(Do keep in mind password resets etc. also need to know about the multiple 
hashing methods in use.)
-- 
Rik Wasmus
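
The four login steps from the message above, together with the password-reset caveat, as an added example that is not part of the original message. Assumptions: PBKDF2-HMAC-SHA256 stands in for the "new" method, a salted SHA-1 stands in for the old ENCRYPT()/crypt() value so the code runs anywhere, and the record layout, function names and sample accounts are constructed.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for the stand-in "new" scheme

def new_hash(password, salt=None):
    # Stand-in "new" method: PBKDF2-HMAC-SHA256, stored as pbkdf2$salt$digest.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2$%s$%s" % (salt.hex(), dk.hex())

def check_new(password, stored):
    salt = bytes.fromhex(stored.split("$")[1])
    return hmac.compare_digest(new_hash(password, salt), stored)

def legacy_hash(password, salt):
    # Constructed stand-in for the old ENCRYPT()/crypt() value (2-char salt prefix);
    # a real migration would call the platform's crypt() here instead.
    return salt + hashlib.sha1((salt + password).encode()).hexdigest()

def check_legacy(password, stored):
    return hmac.compare_digest(legacy_hash(password, stored[:2]), stored)

def login(users, name, password):
    """Return (authenticated, upgraded) for one login attempt."""
    rec = users.get(name)
    if rec is None:
        return False, False
    if rec["new"] and check_new(password, rec["new"]):      # 1) new method first
        return True, False
    if rec["old"] and check_legacy(password, rec["old"]):   # 2) fall back to old
        set_password(users, name, password)                 # 3) re-hash while we hold it
        return True, True
    return False, False

def set_password(users, name, password):
    # Also the password-reset path: write the new hash and drop the old one,
    # so a superseded password can never pass the legacy fallback.
    users[name] = {"old": None, "new": new_hash(password)}

def pending_reset(users):
    # 4) accounts that never logged in during the window still need a reset link
    return sorted(n for n, r in users.items() if not r["new"])

# Constructed sample accounts that start with only a legacy hash.
USERS = {"alice": {"old": legacy_hash("correct horse", "xy"), "new": None},
         "bob": {"old": legacy_hash("hunter2", "ab"), "new": None}}
```

Routing both the upgrade and the reset through `set_password` is what keeps an old password from being accepted by the fallback after a reset.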