On Jun 7, 2015, at 10:13 AM, Luma <[email protected]> wrote:
>
> What I think of is increasing the security level for all existing users
> before they login the first time: immediately migrating all passwords to
> bcrypt(old hash). The question is if this will really achieve the security
> level of bcrypt for existing user accounts.

bcrypt(oldhash(password)) cannot be easier to crack than oldhash(password), and will be harder except for degenerate cases where oldhash(password) is easier to guess than password. (Imagine for instance a "hash" function which just returned "password1" for all inputs...)

--
Scott Ribe
[email protected]
http://www.elevated-dev.com/
https://www.linkedin.com/in/scottribe/
(303) 722-0567 voice
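Added example, not part of the original thread: a sketch of the bcrypt(oldhash(password)) migration discussed above, showing the offline wrap, the login check against a wrapped record, and the upgrade to a direct hash on first successful login. Assumptions: the legacy scheme is unsalted hex MD5, the record layout and all method names are hypothetical, and PBKDF2 from Ruby's standard library stands in for bcrypt so the block runs without extra gems.

```ruby
require "openssl"
require "digest"
require "securerandom"

# Assumptions (not from the thread): legacy scheme is unsalted hex MD5, and
# PBKDF2 from Ruby's stdlib stands in for bcrypt as the slow hash.
ITERATIONS = 20_000

def old_hash(password)
  Digest::MD5.hexdigest(password)
end

def slow_hash(input, salt)
  digest = OpenSSL::Digest.new("SHA256")
  OpenSSL::PKCS5.pbkdf2_hmac(input, salt, ITERATIONS, 32, digest).unpack1("H*")
end

# Comparison whose running time does not depend on where the strings differ.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Offline migration: needs only the stored legacy hash, never the password.
def wrap_legacy(record)
  salt = SecureRandom.hex(16)
  { scheme: "wrapped", salt: salt, digest: slow_hash(record[:digest], salt) }
end

# New-style record, written at signup or on the first successful login.
def hash_new(password)
  salt = SecureRandom.hex(16)
  { scheme: "direct", salt: salt, digest: slow_hash(password, salt) }
end

# Returns [ok, record_to_store]. A wrapped record is replaced by a direct one
# once the user has proved knowledge of the password.
def verify(record, password)
  input = record[:scheme] == "wrapped" ? old_hash(password) : password
  ok = secure_eq(slow_hash(input, record[:salt]), record[:digest])
  upgraded = (ok && record[:scheme] == "wrapped") ? hash_new(password) : record
  [ok, upgraded]
end

# Constructed sample row from a legacy users table.
legacy = { scheme: "md5", digest: old_hash("correct horse") }
wrapped = wrap_legacy(legacy)
ok, current = verify(wrapped, "correct horse")
puts "login ok=#{ok}, scheme now=#{current[:scheme]}"
```

With real bcrypt, feed it the old hash in hex form rather than as raw digest bytes: bcrypt reads at most 72 bytes of input, and many implementations stop at the first NUL byte.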

