如何将密码哈希从 MD5 转换为 SHA? [英] How do I convert password hashing from MD5 to SHA?
问题描述
我有一个旧应用程序,它的用户密码使用 MD5 哈希值存储在数据库中.我想用 SHA-2 系列中的东西替换它.
I've got an old application that has user passwords stored in the database with an MD5 hash. I'd like to replace this with something in the SHA-2 family.
我已经想到了两种可能的方法来实现这一点,但都显得相当笨拙.
I've thought of two possible ways to accomplish this, but both seem rather clunky.
1) 添加一个布尔标志"字段.在此之后用户第一次进行身份验证时,将 MD5 密码哈希替换为 SHA 密码哈希,并设置标志.然后我可以检查标志以查看密码哈希是否已转换.
1) Add a boolean "flag" field. The first time the user authenticates after this, replace the MD5 password hash with the SHA password hash, and set the flag. I can then check the flag to see whether the password hash has been converted.
2) 添加第二个密码字段来存储 SHA 哈希.在此之后用户第一次进行身份验证时,使用 SHA 对密码进行哈希处理并将其存储在新字段中(可能同时删除他们的 MD5 哈希).然后我可以检查SHA字段是否有值;这基本上成了我的旗帜.
2) Add a second password field to store the SHA hash. The first time the user authenticates after this, hash the password with SHA and store it in the new field (probably delete their MD5 hash at the same time). Then I can check whether the SHA field has a value; this essentially becomes my flag.
在任何一种情况下,对于不经常登录的任何用户,MD5 身份验证都必须保留一段时间.并且任何不再活跃的用户将永远不会切换到 SHA.
In either case, the MD5 authentication would have to remain in place for some time for any users who log in infrequently. And any users who are no longer active will never be switched to SHA.
有没有更好的方法来做到这一点?
Is there a better way to do this?
推荐答案
基本相同,但可能比添加额外字段更优雅:在 Django,密码哈希存储为这样构造的字符串:
Essentially the same, but maybe more elegant than adding extra fields: In the default authentication framwork in Django, the password hashes are stored as strings constructed like this:
hashtype$salt$hash
Hashtype 是 sha1 或 md5,salt 是一个随机字符串,用于对原始密码进行加盐,最后是哈希本身.示例值:
Hashtype is either sha1 or md5, salt is a random string used to salt the raw password and at last comes the hash itself. Example value:
sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4
这篇关于如何将密码哈希从 MD5 转换为 SHA?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
