How to upgrade a password storage scheme (change hashing-algorithm)

庸人自扰 2021-02-02 09:33

I've been asked to implement some changes/updates to an intranet-site; make it 'future proof' as they call it.

We found that the passwords are hashed using the MD5

7 answers
  •  故里飘歌
    2021-02-02 10:00

    Since you don't know the plaintext password, maybe you should create a field which indicates the encryption version (like PasswordVersion bit default 0)

    Next time the user tries to log in, check the hashed password using the current algorithm version, just like you do today. If it matches, hash it again and update the PasswordVersion field.

    Hopefully you'll not need a PasswordVersion column bigger than bit. =)
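
The rehash-on-login flow described in the answer above, as an added example that is not part of the original post. The in-memory `USERS` dict, the field names, and the choice of PBKDF2-HMAC-SHA256 as the new scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def md5_hex(password: str) -> str:
    """Version 0: the legacy unsalted MD5 scheme the question describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def pbkdf2_hex(password: str, salt: bytes) -> str:
    """Version 1: salted PBKDF2-HMAC-SHA256 (assumed replacement scheme)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return dk.hex()

def verify(record: dict, password: str) -> bool:
    """Check the password with whichever scheme the record's version names."""
    if record["password_version"] == 0:
        candidate = md5_hex(password)
    elif record["password_version"] == 1:
        candidate = pbkdf2_hex(password, bytes.fromhex(record["salt"]))
    else:
        return False  # unknown version: fail closed
    return hmac.compare_digest(candidate, record["password_hash"])

def login(users: dict, username: str, password: str) -> bool:
    """Verify first, then upgrade a legacy record while the plaintext is in hand."""
    record = users.get(username)
    if record is None or not verify(record, password):
        return False
    if record["password_version"] == 0:
        salt = os.urandom(16)
        # Replace all three fields together so the MD5 hash is not left behind.
        record.update(password_hash=pbkdf2_hex(password, salt),
                      salt=salt.hex(), password_version=1)
    return True

# Constructed sample row standing in for the users table (hypothetical schema).
USERS = {"alice": {"password_hash": md5_hex("correct horse"),
                   "salt": "", "password_version": 0}}

if __name__ == "__main__":
    print(login(USERS, "alice", "wrong"), USERS["alice"]["password_version"])
    print(login(USERS, "alice", "correct horse"), USERS["alice"]["password_version"])
    print(login(USERS, "alice", "correct horse"))  # now verified via PBKDF2
```

Accounts that never log in again stay at version 0 and keep their MD5 hash until they are handled separately.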
