Hacker News
by wglb 5097 days ago
When is it easy to retrofit later?

There is a third way that is not poison:

No need to reset the passwords at one fell swoop.

When you decide to do a new password storage function:

New users get the new hash right away.

Calculate the new hash and the old hash when the user next logs in.

If the old hash matches, the user is logged in; now calculate the new hash and store it over the old hash in the table. Perhaps make a note in a separate column that the hash has been converted.

Eventually, when all users have refreshed their passwords, quietly remove the old way.

Zero user involvement.


When I say "Add in interoperability of hashing functions", that is pretty much exactly what I mean. I realize I left out the specific method for converting the hashes over. And your separate column for when the hash has been converted is the equivalent of my suggestion of a HashVersion column. Also, you will likely never be able to "quietly remove the old way" because not all of your users are guaranteed to log in again. But yes, the idea would be to verify against the old hash, save the new hash when the user logs in.
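The login-time upgrade both comments describe, written out as an added example in Python; it is not code from the thread or from either commenter. It assumes unsalted SHA-1 as the legacy scheme and PBKDF2-HMAC-SHA256 as the replacement, keeps a HashVersion column next to each hash as the second comment suggests, and uses an in-memory dict in place of the users table; the version numbers, function names and sample users are assumptions for illustration. The last function answers the second comment's point: it lists who is still on the old scheme, which is what decides whether the old verifier can be removed yet.

```python
import hashlib
import hmac
import os
from typing import Optional

# Values for the HashVersion column. Assumed numbering, not from the thread.
LEGACY_SHA1 = 1        # assumed legacy scheme: unsalted SHA-1 hex digest
PBKDF2_SHA256 = 2      # replacement: PBKDF2-HMAC-SHA256, per-user salt
CURRENT_VERSION = PBKDF2_SHA256
PBKDF2_ITERATIONS = 100_000


def legacy_hash(password: str) -> str:
    """The old storage format (weak on purpose: this is what we migrate away from)."""
    return hashlib.sha1(password.encode()).hexdigest()


def new_hash(password: str, salt: Optional[bytes] = None) -> str:
    """New storage format: 'iterations$salt_hex$dk_hex' with a fresh random salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_legacy(password: str, stored: str) -> bool:
    # compare_digest keeps the comparison constant-time for both schemes.
    return hmac.compare_digest(legacy_hash(password), stored)


def verify_new(password: str, stored: str) -> bool:
    iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Dispatch on the stored version: this is the "interoperability of hashing
# functions" from the thread. Adding a third scheme later is one more entry here.
VERIFIERS = {LEGACY_SHA1: verify_legacy, PBKDF2_SHA256: verify_new}

# Stand-in for the users table: username -> {"hash": ..., "version": ...}
users: dict = {}


def seed_legacy_user(username: str, password: str) -> None:
    """Represents a row that existed before the migration (assumed legacy scheme)."""
    users[username] = {"hash": legacy_hash(password), "version": LEGACY_SHA1}


def create_user(username: str, password: str) -> None:
    """New users get the new hash right away."""
    users[username] = {"hash": new_hash(password), "version": CURRENT_VERSION}


def login(username: str, password: str) -> bool:
    row = users.get(username)
    if row is None:
        # Do comparable work for unknown users so timing does not reveal
        # which usernames exist.
        new_hash(password, salt=b"\x00" * 16)
        return False
    verifier = VERIFIERS.get(row["version"])
    if verifier is None or not verifier(password, row["hash"]):
        return False
    if row["version"] != CURRENT_VERSION:
        # The plaintext is in hand only at login, so this is the one place the
        # hash can be upgraded. Overwrite the old hash and bump the version.
        row["hash"] = new_hash(password)
        row["version"] = CURRENT_VERSION
    return True


def users_on_old_scheme() -> list:
    """Who has not logged in since the switch. Non-empty means the old
    verifier cannot be removed yet, as the second comment points out."""
    return sorted(u for u, r in users.items() if r["version"] != CURRENT_VERSION)


if __name__ == "__main__":
    seed_legacy_user("alice", "correct horse")   # constructed sample rows
    create_user("bob", "hunter2")
    print("pending before login:", users_on_old_scheme())
    print("alice logs in:", login("alice", "correct horse"))
    print("pending after login:", users_on_old_scheme())
```

A failed login must leave the row untouched: the upgrade happens only after the legacy verifier has accepted the password, otherwise an attacker could overwrite a victim's hash with one for a password they chose.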