Going from unsalted to salted MD5 passwords

Question

I have a LAMP (PHP) website which is becoming popular.

I played it safe by storing the user passwords as md5 hashes.

But I now see that\'s not secure; I should h

Answer 1

sadly, your only way is to tell your users to renew their passwords.

you could also generate random passwords, but that is the same hassle.

edit

you could just double encode your stored passwords. so your new salted hashing algorithm would be:

md5(md5($new_password).$salt).':'.$salt

to update your old passwords use

md5($old_password.$salt).':'.$salt

to check if a provided password is correct simply use

list($stored_password, $salt) = explode(':', $salted_password);
if(md5(md5($provided_password).$salt) == $stored_password) {
  // you are now logged in
}