> From: Johan De Meersman <vegivamp@stripped> To: J Gao <jgao@stripped>
> > From: "J Gao" <jgao@stripped>
> > Subject: Transfer ENCRYPT password field to another server
> > So, is there a way to make the MySQL encrypted password string
> > "2I6JOeg.JukJ." convert to MD5 hash "$1$................."?
> Nope. Encrypt() calls unix crypt(), which is really more a hash - you can't
> go back to the original.
> The proper way to handle this is to notify the users that passwords will
> expire upon moving to the new system, and send each of them a personal,
> unique link to set their new password.
If in a hurry, yes indeed. To limit impact on your most active users, you can
usually do something like on the application side for a while before
1) On login, try new hash method first
2) On fail, try old hash method
3) If old hash method succeeds, update hash to new hash method (or store it in
a new location), as you now temporarily have the actual password.
4) After most active users have thus 'upgraded their password by just logging
in', send out an e-mail to those who haven't with the (re)set password link
Johan mentions, and retire the old hash method.
(Do keep in mind password resets etc. also need to know about the multiple
hashing methods in use.)
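
The four steps above, plus the password-reset caveat, as an added example that is not part of the original thread. The record layout (`old`/`new` fields) and all function names are hypothetical, salted SHA-256 stands in for the legacy crypt() hash, and PBKDF2 stands in for whatever scheme the new server uses.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for the stand-in new scheme

def old_hash(password, salt):
    # Stand-in for the legacy crypt()-style hash (assumption: 2-char salt prefix).
    return salt + hashlib.sha256((salt + password).encode()).hexdigest()

def new_hash(password, salt=None):
    # Stand-in for the new scheme: PBKDF2-HMAC-SHA256 with a random salt.
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "new$" + salt.hex() + "$" + dk.hex()

def verify_new(password, stored):
    salt_hex = stored.split("$")[1]
    return hmac.compare_digest(new_hash(password, bytes.fromhex(salt_hex)), stored)

def verify_old(password, stored):
    return hmac.compare_digest(old_hash(password, stored[:2]), stored)

def login(users, name, password):
    rec = users.get(name)
    if rec is None:
        return False
    if rec["new"] and verify_new(password, rec["new"]):    # step 1: new method first
        return True
    if rec["old"] and verify_old(password, rec["old"]):    # step 2: fall back to old
        rec["new"] = new_hash(password)                     # step 3: upgrade while the
        rec["old"] = None                                   # plaintext is in hand
        return True
    return False

def reset_password(users, name, password):
    # Resets must write the new format only and drop any legacy hash.
    users[name] = {"old": None, "new": new_hash(password)}

def pending_users(users):
    # Step 4: accounts that still need the (re)set password link.
    return sorted(n for n, r in users.items() if r["old"])

# Constructed sample accounts, as they would look right after the transfer.
USERS = {
    "alice": {"old": old_hash("correct horse", "ab"), "new": None},
    "bob": {"old": old_hash("hunter2", "cd"), "new": None},
}
```

Once `pending_users` returns an empty list, `verify_old` and the `old` field can be removed.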