Sunday, November 6, 2016

Easy password hash migration from MD5 to BCrypt.

Many legacy production systems still use the unsalted MD5 function for password hashing. These hashes are usually stored in the database and used for user authentication. The problem is that an unsalted MD5 hash is no longer secure today. So-called rainbow tables (precomputed MD5 hashes for word dictionaries) can be used for easy reverse lookup.

Sunday, June 5, 2016