by kmfrk 5128 days ago
In Django, as I recall, you just check for a hashing indicator that's prefixed to the hashed password, and do something like this on a user's log-in:

    if hashed_password.startswith("sha$"):
        hashed_password = bcrypt(hashed_password)

(or `... = "bc$" + bcrypt(hashed_password)`. However it's done.)

Here is the relevant code for django-bcrypt: https://github.com/dwaiter/django-bcrypt/blob/master/django_....

In your case, you could probably do this:

    if not hashed_password.startswith("bc$")\
       and sha(entered_password) == hashed_password:
        hashed_password = "bc$" + bcrypt(entered_password)

You don't have the prefix identifier, but that's okay; you just roll out an equivalent now instead, so you only have to check the start of the hash string and do the conversion, if it hasn't already been performed.

Of course, you have to account for the prefix identifier when validating an entered password against the stored hash.

YMMV.

1 comments

On a quick revision, the first code should read

    hashed_password = bcrypt(entered_password)

Not `bcrypt(hashed_password)`.
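
Added example, not part of the thread and not django-bcrypt's code: the upgrade-on-login flow discussed above, including the prefix handling on verification. It assumes the legacy scheme is an unsalted SHA-1 hex digest, and it uses the standard library's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt, so the prefix is `pbkdf2$` rather than `bc$`; the function names and the record format are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed record format: "pbkdf2$<iterations>$<salt hex>$<digest hex>".
# PBKDF2 stands in for bcrypt here only because it ships with the standard library.
PREFIX = "pbkdf2$"
ITERATIONS = 200_000  # assumed work factor; tune for your hardware


def legacy_sha(password):
    """Old scheme assumed for this example: unsalted, unprefixed SHA-1 hex."""
    return hashlib.sha1(password.encode()).hexdigest()


def slow_hash(password, salt=None, iterations=ITERATIONS):
    """Hash with a per-user random salt and embed the parameters after the prefix."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${digest.hex()}"


def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def verify_and_upgrade(entered_password, stored):
    """Return (ok, hash_to_store); the hash changes only on a good legacy login."""
    if stored.startswith(PREFIX):
        # Account for the prefix: recover salt and iterations before comparing.
        try:
            iterations, salt_hex, _ = stored[len(PREFIX):].split("$")
            candidate = slow_hash(entered_password, bytes.fromhex(salt_hex),
                                  int(iterations))
        except ValueError:
            return False, stored  # malformed record: fail closed
        return same(candidate, stored), stored
    # Legacy record: the plaintext is only available at login, so hash the
    # entered password, never the old digest.
    if same(legacy_sha(entered_password), stored):
        return True, slow_hash(entered_password)
    return False, stored
```

The caller writes the second return value back to the user record whenever it differs from the stored one; accounts that never log in keep their legacy hash.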