我有一个旧的应用程序,使用MD5散列将用户密码存储在数据库中。我想用SHA-2家族中的某些东西来代替它。
我想到了两种可能的方法来完成这个任务,但都显得相当笨拙。 / p>
1)添加一个布尔标志字段。用户第一次在此之后进行身份验证时,请将MD5密码哈希替换为SHA密码哈希,并设置标志。然后我可以检查标志以查看密码散列是否已被转换。
2)添加第二个密码字段以存储SHA散列。用户第一次在此之后进行身份验证时,使用SHA对密码进行散列并将其存储在新字段中(可能同时删除其MD5散列)。然后我可以检查SHA字段是否有值;这基本上就是我的标志。
在任何一种情况下,对于任何不频繁登录的用户,MD5身份验证都必须保留一段时间。任何不再活动的用户都不会切换到SHA。
有没有更好的方法来做到这一点?
解决方案基本上相同,但可能比添加额外字段更优雅:在 Django ,密码散列存储为如下所示的字符串:
hashtype $ salt $哈希哈希类型是sha1或md5,salt是一个随机字符串,用于限制原始密码,最后是散列本身。示例值:
sha1 $ a1976 $ a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4
I've got an old application that has user passwords stored in the database with an MD5 hash. I'd like to replace this with something in the SHA-2 family.
I've thought of two possible ways to accomplish this, but both seem rather clunky.
1) Add a boolean "flag" field. The first time the user authenticates after this, replace the MD5 password hash with the SHA password hash, and set the flag. I can then check the flag to see whether the password hash has been converted.
2) Add a second password field to store the SHA hash. The first time the user authenticates after this, hash the password with SHA and store it in the new field (probably delete their MD5 hash at the same time). Then I can check whether the SHA field has a value; this essentially becomes my flag.
In either case, the MD5 authentication would have to remain in place for some time for any users who log in infrequently. And any users who are no longer active will never be switched to SHA.
Is there a better way to do this?
解决方案Essentially the same, but maybe more elegant than adding extra fields: In the default authentication framwork in Django, the password hashes are stored as strings constructed like this:
hashtype$salt$hashHashtype is either sha1 or md5, salt is a random string used to salt the raw password and at last comes the hash itself. Example value:
sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4
更多推荐
如何将密码哈希从MD5转换为SHA?
发布评论