You need the user to login once to get their raw password to rehash it. Unless y... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		astrange on Sept 29, 2016 \| parent \| context \| favorite \| on: Defending Against Hackers Took a Back Seat at Yaho... You need the user to login once to get their raw password to rehash it. Unless you like rewrapping old hashes in every new one as it comes along.

stavros on Sept 29, 2016 [–]

Yep, exactly. You wrap them all in the new one, and migrate when the user next logs in.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact