Yes, there is. The one I prefer, which you've mostly laid out, is: new passwords... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		syncsynchalt on Dec 15, 2016 \| parent \| context \| favorite \| on: Yahoo discloses hack of 1B accounts Yes, there is. The one I prefer, which you've mostly laid out, is: new passwords are entered as bcrypt(pw) and then stored as "B-$result", old passwords are re-hashed as bcrypt(hash) = bcrypt(md5(pw)) and stored as "M-$result", then your auth function works as follows: `def auth(user, pw): hash = get_hash(user) if hash starts with "B-": return hash == bcrypt(pw) else if hash starts with "M-": return hash == bcrypt(md5(pw)) else: # remove this once you've rehashed your entire database return hash == md5(pw)` The naïve solution is to skip the "B-"/"M-"/"" annotation but if you do that you've introduced a situation where attackers can login to old passwords using md5 leaked from another source.

HappyTypist on Dec 16, 2016 [–]

The other solution (that Yahoo used) is use bcrypt(md5(password)) which allows them to rehash all existing passwords without logging in.

blauditore on Dec 16, 2016 | [–]

I think that's what he described, plus adding a prefix in order to indicate it's been re-hashed.

syncsynchalt on Dec 16, 2016 | | [–]

That's exactly right, thank you!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact