Switch SSHA256 to BCrypt

0
Hi, can I switch the hashing algorithm from SSHA256 to BCrypt in an existing application with 1K+ users? Obviously I can change it in the model, but will it work in the end? Is it technically possible at all without knowing the plaintext password? Regards, Paul
asked
2 answers
2

Answering my own question:

Why not create a test project? The password is stored with a hashing algorithm hint in the database. Existing passwords stay intact but new and updated passwords are hashed with the selected (see Settings - Hash algorithm) password.

So it works fine to change the algorithm, but existing passwords are not updated automatically. And I think that the latter is not possible at all.

 

answered
0

Switching from SHA256 to Bcrypt is possible. The only downside is that the users created before the switch will have their passwords stored using SHA256 and the new users created after the switch will have their passwords stored in Bcrypt.

I tested this and it works fine for both the user roles to log in.

 

The downside of this is that the old algorithm will still be in use and the only way to fully migrate to the new algorithm is to re-create users.


answered
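
Both answers describe records that keep their old algorithm hint after the switch. The sketch below is an added example, not code from either answer or from the platform: it verifies a password according to the stored hint and re-hashes the record at a successful login, the one moment the plaintext is available. The `{HINT}base64` storage format, the function names and the use of PBKDF2 as a standard-library stand-in for BCrypt are assumptions.

```python
import base64, hashlib, hmac, os

# Assumed storage format (not taken from the page): "{HINT}" + base64 payload.
# SSHA256 payload = sha256(password + salt) + salt, as in LDAP-style schemes.
# "{PBKDF2}" is a standard-library stand-in for the BCrypt target.
TARGET = "PBKDF2"
ITERATIONS = 100_000  # demo value; tune for real deployments

def hash_ssha256(password, salt=None):
    """Legacy format, used here only to build a constructed old record."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha256(password.encode() + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode()

def hash_target(password, salt=None):
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "{PBKDF2}" + base64.b64encode(salt + key).decode()

def split_hint(stored):
    """Return (hint, raw payload bytes) from a stored value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("missing algorithm hint")
    hint, payload = stored[1:].split("}", 1)
    return hint, base64.b64decode(payload)

def verify(password, stored):
    """Dispatch on the hint so old and new records both authenticate."""
    hint, raw = split_hint(stored)
    if hint == "SSHA256":
        digest, salt = raw[:32], raw[32:]
        candidate = hashlib.sha256(password.encode() + salt).digest()
    elif hint == "PBKDF2":
        salt, digest = raw[:16], raw[16:]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    else:
        raise ValueError("unknown algorithm hint")
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def login(db, user, password):
    """Check the password; upgrade a legacy record once it has verified."""
    stored = db.get(user)
    if stored is None or not verify(password, stored):
        return False
    if split_hint(stored)[0] != TARGET:
        db[user] = hash_target(password)  # plaintext is only available here
    return True
```

Accounts that never log in again keep their legacy hash, so a count of records per hint shows how far the migration has progressed.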