On Jun 7, 2015, at 6:10 AM, Luma <[email protected]> wrote:

> Update: I've learned that bcrypt, PBKDF2, etc. should be used instead of
> SHAxxx. So replacing SHA512 by bcrypt in my question:
>
> I want to upgrade password hashing from
> Digest::SHA1.hexdigest(password + some_string + salt)
> to bcrypt.
>
> Is there a way to migrate existing SHA1 password hashes to the same security
> level as bcrypt? What about this:
> hashed_pw_bcrypt = BCrypt::Password.create(hashed_pw_sha1)
>
> And then authorize existing users as follows:
> BCrypt::Password.create(Digest::SHA1.hexdigest(password + some_string +
> salt)) == hashed_pw_bcrypt
>
> And as soon as users successfully log in this way, then change hashing to
> hashed_pw_bcrypt = BCrypt::Password.create(password)
> and set the hashed_pw_sha1 attribute to nil in order to mark the user as
> migrated.
I think what I would do is add a new set of fields to the existing user record for the new password types, and a boolean column to switch between which one to use. Once all your users are migrated to the new version, you can close off the old method. Something like this pseudocode:

    if the boolean is false
      test given password against old hash
      if it passes
        re-hash the given password with the new algorithm
        set the boolean
        set the new hash column
        save
        redirect
      if not
        whatever you currently do
      end
    end

Walter
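The two ideas in this thread fit together: wrap every stored SHA1 hash in the slow KDF right away (Luma's suggestion), then re-hash the plaintext and flip a boolean the first time each user logs in (Walter's flow). The Ruby below is an added example, not code from either poster; it uses the standard library's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt so it runs without the bcrypt gem, and the column names, the fixed `some_string` value and the helper names are assumptions.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'
SOME_STRING = 'some_string' # stands in for the thread's fixed some_string (assumed value)

# Legacy scheme from the question: SHA1(password + some_string + salt).
def legacy_sha1(password, salt)
  Digest::SHA1.hexdigest(password + SOME_STRING + salt)
end

# Constant-time equality so the hash comparison does not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Slow KDF standing in for bcrypt: stdlib PBKDF2-HMAC-SHA256, stored as
# "pbkdf2$<iterations>$<salt_hex>$<key_hex>" so the parameters travel with the hash.
def kdf_create(secret, iterations: 100_000)
  salt = SecureRandom.bytes(16)
  key = OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: iterations, length: 32, hash: 'sha256')
  ['pbkdf2', iterations, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

def kdf_verify(secret, stored)
  return false if stored.nil?
  _scheme, iters, salt_hex, key_hex = stored.split('$')
  key = OpenSSL::KDF.pbkdf2_hmac(secret, salt: [salt_hex].pack('H*'), iterations: iters.to_i, length: 32, hash: 'sha256')
  secure_equal?(key, [key_hex].pack('H*'))
end

# One record with both hash columns plus Walter's boolean (column names assumed).
User = Struct.new(:salt, :sha1_hash, :kdf_hash, :migrated)

# Step 1 (Luma's idea, run once over every row): wrap the legacy hash so bare SHA1 never sits in the DB.
def wrap_legacy!(user)
  user.kdf_hash = kdf_create(user.sha1_hash)
  user.sha1_hash = nil
  user.migrated = false
end

# Step 2 (Walter's flow): check whichever scheme applies; on success re-hash the plaintext and flip the boolean.
def authenticate!(user, password)
  secret = user.migrated ? password : legacy_sha1(password, user.salt)
  return false unless kdf_verify(secret, user.kdf_hash)
  unless user.migrated
    user.kdf_hash = kdf_create(password)
    user.migrated = true
    user.salt = nil # legacy salt no longer needed once the plaintext is hashed directly
  end
  true
end
```

After step 1 a wrong password fails against the wrapped hash, the first correct login replaces it with a direct hash of the plaintext, and later logins skip the SHA1 step entirely.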

