A client has a huge userbase and I'm required to encrypt/hash passwords in a secure manner. The problem is I can't ask every user to change their password and the passwords are already hashed with md5() without a salt. One way of doing this is to encrypt the current passwords with a salt and when a user changes or resets the password i just encrypt it with the salt.Are there any pitfalls or more or less obvious dangers of doing so [ i mean sha1(md5(password) with salt) ]? Thank you for your time
Pitfalls of encrypting (with salt) of a md5-hashed-password (php)
- Thread starter real-d
- Start date