Moving from MD5 to SHA-512


Mudsaf

There is no secure way to do it. If you wanted to SHA-512 encrypt the password that would mean you have to first decrypt them from MD5 which isn't possible.

 

An insecure solution would be to SHA-512 encrypt the MD5 passwords and then MD5 all new passwords first before encrypting them, but that would be equally as insecure as MD5 because the number of possible different combinations is the same, so you might as well not SHA-512 them at all.

 

The best thing to do would be to set all your users to password recovery mode in the database and then ask them to create a new one to continue using the site. I know this happened to one site I was on a few years ago.


The way I change password encryption schemes is that I include a password version field in the database. When a user tries to log in it checks which password version they are using, and loads the password class that corresponds to that version. If they are not on the current version (the current version is defined in the application config file), then after validating the password it will encrypt it with the current algorithm and save the new hash and update their password version. So people who never log in will continue to have the old version, but as people log in their hashes get updated.

 

Make sure to include a unique salt for each user, and maybe think about using multiple hashing algorithms that you run thousands of times. The point is to make it take a bit of time to calculate the hash, so that it becomes expensive if they want to try and brute force your password database.

 

Here's a slightly modified version of one of our hashing algorithms, for example. It will loop over 7 different hashing algorithms and use substr to inject the salt at various points in the previous hash. By default it loops 10,000 times. On our servers it usually takes between .1 and .25 seconds to calculate a hash.

 

 

<?php
/*
  Password hashing version 3
  multiple rounds of SHA-512, SHA-256, RIPEMD-320, HAVAL-256, GOST, WHIRLPOOL, and SNEFRU, with given salt
  128 characters
*/
class lms_passwordhash_3 extends lms_passwordhash
{
  public function __construct()
  {
    $this->version = 3;
  }

  public function hash($str, $salt = '')
  {
    $algos = array('sha512', 'ripemd320', 'haval256,5', 'whirlpool', 'snefru', 'sha256', 'gost');
    $rounds = 10000; // 10,000 rounds should take from .1 to .25 seconds
    // with no salt supplied, derive one from the input itself
    if ($salt === '')
      $salt = hash('sha512', $str);
    for ($i = 0, $a = 0, $s = 0; $i < $rounds; $i++)
    {
      // split the salt at a moving offset and wrap the previous hash with the two halves
      $start = substr($salt, 0, $s);
      $end = substr($salt, $s++);
      if ($s > strlen($salt)) $s = 0;
      // cycle through the algorithm list
      $algo = $algos[$a++];
      if ($a >= count($algos)) $a = 0;
      $str = hash($algo, $start . $str . $end);
    }
    return hash('sha512', $str);
  }
}
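The password-version upgrade described in the post above, as an added example that is not part of the original thread or the poster's code. All names (`CURRENT_VERSION`, `login`, the `pw_version`/`salt`/`hash` columns) are hypothetical, and PBKDF2-HMAC-SHA512 is swapped in here as the "current" algorithm with an assumed iteration count.

```php
<?php
// Added example: one hasher per password version; all names are hypothetical.
const CURRENT_VERSION = 2; // the post keeps this in the application config

$hashers = [
    // v1: legacy unsalted MD5, kept only so old rows can still be verified
    1 => fn(string $pw, string $salt): string => md5($pw),
    // v2: PBKDF2-HMAC-SHA512 with a per-user salt (assumed stand-in for the
    // "current" algorithm; the iteration count is an assumption to tune)
    2 => fn(string $pw, string $salt): string =>
        hash_pbkdf2('sha512', $pw, $salt, 210000),
];

/**
 * Verify $password against the stored row; on success, upgrade the row
 * to CURRENT_VERSION. Returns [bool $ok, array $row].
 */
function login(array $row, string $password, array $hashers): array
{
    $hasher = $hashers[(int) $row['pw_version']] ?? null;
    if ($hasher === null) {
        return [false, $row]; // unknown version: fail closed
    }
    $candidate = $hasher($password, $row['salt']);
    if (!hash_equals($row['hash'], $candidate)) { // constant-time compare
        return [false, $row];
    }
    if ((int) $row['pw_version'] !== CURRENT_VERSION) {
        // The plaintext is only available at login, so re-hash it now
        // with a fresh salt and record the new version.
        $row['salt'] = bin2hex(random_bytes(16));
        $row['hash'] = $hashers[CURRENT_VERSION]($password, $row['salt']);
        $row['pw_version'] = CURRENT_VERSION;
    }
    return [true, $row]; // caller persists $row
}

// Constructed sample row: a user still on the legacy MD5 scheme.
$user = ['pw_version' => 1, 'salt' => '', 'hash' => md5('correct horse')];

[$ok, $user] = login($user, 'wrong guess', $hashers);
var_dump($ok, $user['pw_version']);   // failed login: row stays on the old version

[$ok, $user] = login($user, 'correct horse', $hashers);
var_dump($ok, $user['pw_version']);   // successful login: row is upgraded

[$ok, $user] = login($user, 'correct horse', $hashers);
var_dump($ok, strlen($user['hash'])); // same password verifies under the new scheme
```

Rows for users who never log in stay on the legacy version, so the old hasher has to remain available until those accounts are reset or retired.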
