当前位置: 动力学知识库 > 问答 > 编程问答 >

mysql - php converting all passwords in DB

问题描述:

Hi guys recently I started using

$salt = $uniqueSalt;

$cryptpassword = md5($salt.$password);

How would I convert all password in my mysql database with this so it doesnt affect the users?

the passwords in my database atm are in plain text, I want to convert all the plain text passwords to md5 with the salt

网友答案:

I recommend you read more about salts and how to use them. They should not be a constant string, but something unique to each user. For example username. Or my personal favorite: registration date (with the precision of 1 second, of course).

Also, if you store the passwords in your DB as MD5 hashes, there's no way to convert the passwords. MD5 is one way hashing, you can't obtain the original passwords in order to apply the salt and rehash. If you absolutely want to apply this, then the only way you can do this is force each user to change his password and apply the new algorithm when they do. There are 2 problems with this:

  • most users are not going to like this
  • you must keep track of which user made the change and which didn't. This is to prevent problems when logging in.
网友答案:

just like this, but you have to change your login, so you dont check for their password but for md5($salt.$password);

but as my forposters said, its not much securer and if the password isnt already plain in your database you probably wont get it as plain text if it has been hashed

分享给朋友:
您可能感兴趣的文章:
随机阅读: