Hacker News
by
SahAssar
2565 days ago
I don't think that'd work in this case since the SHA-1 was salted, so you'd need to store the SHA-1 salt in a separate column, then calculate Bcrypt(SHA-1(input + salt)), right?
2 comments
msbarnett
2564 days ago
Obviously they had to be storing the salt to begin with, so yes you’d keep using that salt column and use user input+salt as the input to SHA-1.
CiPHPerCoder
2565 days ago
The legacy_password flag can also be a text field containing a salt. If it's empty, you have a non-legacy password.
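The scheme discussed in this thread, as an added example that is not part of any comment: stored salted SHA-1 hashes are wrapped in a slow hash without knowing the passwords, and `legacy_password` holds the old salt (empty for non-legacy accounts). Assumptions: PBKDF2-HMAC-SHA256 stands in for bcrypt so the code runs with the standard library only, and the function names and the `hash` and `kdf_salt` fields are hypothetical.

```python
import hashlib
import hmac
import os

def slow_hash(data: bytes, kdf_salt: bytes) -> bytes:
    # Stand-in for bcrypt (assumption) so only the standard library is needed.
    return hashlib.pbkdf2_hmac("sha256", data, kdf_salt, 100_000)

def legacy_sha1_hex(password: str, legacy_salt: str) -> str:
    # The old scheme from the thread: SHA-1(input + salt), kept as hex.
    return hashlib.sha1((password + legacy_salt).encode()).hexdigest()

def wrap_legacy(sha1_hex: str, legacy_salt: str) -> dict:
    # Offline migration: wraps the stored SHA-1 without knowing the password.
    # Hex rather than raw digest bytes, because many bcrypt implementations
    # truncate their input at a NUL byte.
    kdf_salt = os.urandom(16)
    return {"hash": slow_hash(sha1_hex.encode(), kdf_salt),
            "kdf_salt": kdf_salt, "legacy_password": legacy_salt}

def new_record(password: str) -> dict:
    # Non-legacy record: slow hash of the password itself, empty legacy field.
    kdf_salt = os.urandom(16)
    return {"hash": slow_hash(password.encode(), kdf_salt),
            "kdf_salt": kdf_salt, "legacy_password": ""}

def verify(record: dict, password: str) -> bool:
    if record["legacy_password"]:  # non-empty: field holds the old SHA-1 salt
        data = legacy_sha1_hex(password, record["legacy_password"]).encode()
    else:
        data = password.encode()
    candidate = slow_hash(data, record["kdf_salt"])
    return hmac.compare_digest(candidate, record["hash"])

def login(record: dict, password: str):
    # Returns (ok, record). A successful legacy login is re-hashed directly
    # from the plaintext, which drops the SHA-1 layer for that account.
    if not verify(record, password):
        return False, record
    if record["legacy_password"]:
        record = new_record(password)
    return True, record
```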