Updating password hashing without forcing a new password for existing users
Posted
by
Willem
on Programmers
See other posts from Programmers
or by Willem
Published on 2013-11-09T17:15:22Z
Indexed on
2013/11/09
22:08 UTC
Read the original article
Hit count: 299
You maintain an existing application with an established user base. Over time it is decided that the current password hashing technique is outdated and needs to be upgraded. Furthermore, for UX reasons, you don't want existing users to be forced to update their password. The whole password hashing update needs to happen behind the screen.
Assume a 'simplistic' database model for users that contains:
- ID
- Password
How does one go around to solving such a requirement?
My current thoughts are:
- create a new hashing method in the appropriate class
- update the user table in the database to hold an additional password field
- Once a user successfully logs in using the outdated password hash, fill the second password field with the updated hash
This leaves me with the problem that I cannot reasonable differentiate between users who have and those who have not updated their password hash and thus will be forced to check both. This seems horribly flawed.
Furthermore this basically means that the old hashing technique could be forced to stay indefinitely until every single user has updated their password. Only at that moment could I start removing the old hashing check and remove the superfluous database field.
I'm mainly looking for some design tips here, since my current 'solution' is dirty, incomplete and what not, but if actual code is required to describe a possible solution, feel free to use any language.
© Programmers or respective owner