Update: I've learned that bcrypt, PBKDF2, etc. should be used instead of SHAxxx. So replacing SHA512 by bcrypt in my question:
I want to upgrade password hashing from

    Digest::SHA1.hexdigest(password + some_string + salt)

to bcrypt. Is there a way to migrate existing SHA1 password hashes to the same security level as bcrypt? What about this:

    hashed_pw_bcrypt = BCrypt::Password.create(hashed_pw_sha1)

And then authorize existing users as follows:

    BCrypt::Password.new(hashed_pw_bcrypt) == Digest::SHA1.hexdigest(password + some_string + salt)

And as soon as users successfully log in this way, change the hashing to

    hashed_pw_bcrypt = BCrypt::Password.create(password)

and set the hashed_pw_sha1 attribute to nil in order to mark the user as migrated.
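A worked version of the two-step migration described above, added here as an example and not part of the original post. It stands in PBKDF2-HMAC-SHA256 from the Ruby standard library for the bcrypt gem so that it runs without native extensions; the pattern is identical with BCrypt::Password.create for hashing and BCrypt::Password.new(stored) == input for checking. Two points the example makes concrete: verification must recompute with the salt stored in the existing hash (calling create twice yields two different salts, so two freshly created hashes never compare equal), and once a row is wrapped the bare SHA1 digest can be dropped immediately, so a database leak no longer exposes fast-to-crack digests. The SOME_STRING placeholder, the in-memory user Hash, the :scheme flag and the "pbkdf2$..." storage format are assumptions for the example. With real bcrypt the 40-character hex digest also stays well under bcrypt's 72-byte input limit, so wrapping loses nothing.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Legacy scheme from the post: SHA1(password + some_string + salt), hex-encoded.
SOME_STRING = "some_string" # placeholder for the post's some_string (assumption)

def legacy_sha1(password, salt)
  Digest::SHA1.hexdigest(password + SOME_STRING + salt)
end

# Slow KDF standing in for bcrypt so the example needs only the stdlib:
# PBKDF2-HMAC-SHA256. Storage format "pbkdf2$<iter>$<hex salt>$<hex key>" is an assumption.
KDF_ITERATIONS = 20_000 # kept modest so the example runs quickly; raise it in production

def slow_hash(input, salt_hex = SecureRandom.hex(16), iterations = KDF_ITERATIONS)
  key = OpenSSL::PKCS5.pbkdf2_hmac(input, [salt_hex].pack("H*"), iterations, 32,
                                   OpenSSL::Digest.new("SHA256"))
  "pbkdf2$#{iterations}$#{salt_hex}$#{key.unpack1("H*")}"
end

# Constant-time comparison: reveals only a length mismatch, not where the strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recompute with the salt and iteration count stored in the hash, then compare.
def slow_verify(input, stored)
  _scheme, iterations, salt_hex, _key = stored.split("$", 4)
  secure_equal?(slow_hash(input, salt_hex, iterations.to_i), stored)
end

# A user row as the legacy app stored it (a Hash stands in for the ActiveRecord model).
def build_legacy_user(password)
  salt = SecureRandom.hex(8)
  { salt: salt, hashed_pw_sha1: legacy_sha1(password, salt), hashed_pw: nil, scheme: :sha1 }
end

# Step 1 (offline batch, no login required): wrap the stored SHA1 digest in the slow hash.
# Only the salt is needed afterwards, so the bare digest is cleared right away.
def wrap_legacy_hash!(user)
  return user unless user[:scheme] == :sha1
  user[:hashed_pw] = slow_hash(user[:hashed_pw_sha1])
  user[:hashed_pw_sha1] = nil
  user[:scheme] = :wrapped_sha1
  user
end

# Step 2 (at login): verify against whichever scheme the row is in; on success, rehash the
# plaintext directly so the SHA1 layer disappears for this user. A failed login changes nothing.
def authenticate!(user, password)
  ok = case user[:scheme]
       when :sha1         then secure_equal?(legacy_sha1(password, user[:salt]), user[:hashed_pw_sha1])
       when :wrapped_sha1 then slow_verify(legacy_sha1(password, user[:salt]), user[:hashed_pw])
       when :direct       then slow_verify(password, user[:hashed_pw])
       else false
       end
  return false unless ok

  unless user[:scheme] == :direct
    user[:hashed_pw] = slow_hash(password)
    user[:hashed_pw_sha1] = nil
    user[:salt] = nil
    user[:scheme] = :direct
  end
  true
end

if __FILE__ == $PROGRAM_NAME
  u = wrap_legacy_hash!(build_legacy_user("correct horse"))
  puts authenticate!(u, "wrong guess")   # false, row untouched
  puts authenticate!(u, "correct horse") # true, row is now :direct
  puts u[:scheme]
end
```

The :sha1 branch in authenticate! covers rows that a login reaches before the batch wrap has run, so the two steps can be rolled out independently; the batch wrap is what protects users who never log in again.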

