How do I convert password hashing from MD5 to SHA?

Question

I\'ve got an old application that has user passwords stored in the database with an MD5 hash. I\'d like to replace this with something in the SHA-2 family.

I\'ve tho

Answer 1

You can convert all your MD5 Strings to SHA1 by rehashing them in your DB if you create your future passwords by first MD5ing them. Checking the passwords requires MD5ing them first also, but i dont think thats a big hit.

php-code (login):

prev: $login = (md5($password) == $storedMd5PasswordHash);

after: $login = (sha1(md5($password)) == $storedSha1PasswordHash);

Works also with salting, got the initial idea from here.