There are other migration techniques. If you know md5(password), you can create ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		danielweber on Dec 15, 2016 \| parent \| context \| favorite \| on: Yahoo discloses hack of 1B accounts There are other migration techniques. If you know md5(password), you can create bcrypt(md5(password)).

syncsynchalt on Dec 15, 2016 [–]

That's what I do, though care should be taken that you can't then login against the old passwords by putting md5(password) in the password field.

Usually you do this by decorating the bcrypt(md5(p)) entries in some way so you can recognize which ones are tested with bcrypt() vs bcrypt(md5()).

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact