The new password_hash API in PHP 5.5 is nice and I'd like to start using it everywhere. Given an older project with an older database where passwords are stored in md5 hash
Since it is one-way encryption, unless you want the users' passwords on your login page, which is not secure, you can have the users reenter their passwords. The other option is to reencrypt all of the database records with password_hash() on top of their md5() hashed passwords and store those values to the database, then on your login PHP page put the password_hash() around your md5(), somewhat like:
password_hash(md5($_POST['password']), PASSWORD_DEFAULT);
Using the second way you don't have to have the user reset their passwords.
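
The second option worked through as an added example (not part of the original answer): stored MD5 digests are wrapped once with password_hash(), login checks them with password_verify(), and a successful login replaces the wrapped hash with one of the raw password. The in-memory $users array and the scheme field are assumptions standing in for the real table.

```php
<?php
// Added example. The row layout (hash, scheme) is hypothetical; adapt to your schema.

// One-off migration step: wrap a stored MD5 hex digest in password_hash().
function migrate_row(array $row)
{
    if ($row['scheme'] === 'md5') {
        // md5() hex output is 32 ASCII characters: no NUL bytes and well
        // under bcrypt's 72-byte input limit, so it is safe to feed in.
        $row['hash'] = password_hash($row['hash'], PASSWORD_DEFAULT);
        $row['scheme'] = 'md5+ph';
    }
    return $row;
}

// Login check that also upgrades the row once the plaintext is available.
function login(array &$row, $password)
{
    // Wrapped rows are checked against md5($password), upgraded rows
    // against the raw password.
    $candidate = ($row['scheme'] === 'md5+ph') ? md5($password) : $password;

    // password_verify() reuses the salt stored inside the hash string.
    // Calling password_hash() again would give a different string each
    // time, so the two results cannot be compared with ==.
    if (!password_verify($candidate, $row['hash'])) {
        return false;
    }

    if ($row['scheme'] === 'md5+ph'
        || password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        // Drop the MD5 layer (or refresh an outdated cost/algorithm).
        $row['hash'] = password_hash($password, PASSWORD_DEFAULT);
        $row['scheme'] = 'ph';
    }
    return true;
}

// Constructed sample data: one legacy row holding a bare MD5 digest.
$users = array('alice' => array('hash' => md5('correct horse'), 'scheme' => 'md5'));
$users['alice'] = migrate_row($users['alice']);

var_dump(login($users['alice'], 'wrong guess'));    // rejected, row unchanged
var_dump(login($users['alice'], 'correct horse'));  // accepted, row upgraded
var_dump($users['alice']['scheme']);                // scheme after upgrade
var_dump(login($users['alice'], 'correct horse'));  // accepted via raw password
```

Persist the updated hash and scheme back to the database inside the same request that verified the login, so the MD5 layer disappears as users sign in.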