php - Verifying MD5 passwords using password_verify()


Is there a way to convert an MD5 password so that it can be verified by password_verify()?

I read on the crypt Wikipedia page that "the printable form of MD5 password hashes starts with $1$."

Hence I gave this a shot (without luck):

    $password = "abcd1234";
    $md5hash = "$1$".md5($password);
    var_dump(password_verify($password, $md5hash));

Is there a way to make password_verify() work with MD5 passwords?

The reason for the question: I have an old system where passwords are stored as MD5 hashes. I want to start using the more secure password hashing API. If I'm able to convert the existing password hashes so that they work with password_verify(), I can update the database entries (prepend $1$ to the password hashes), and my program will work beautifully using the following code (I don't have to make a special case for the old MD5 passwords):

    $password; // provided by the user when trying to log in
    $hash;     // loaded from the database based on the username provided by the user

    if (password_verify($password, $hash)) {
        // the following lines will both update the MD5 passwords
        // and all passwords whenever the default hashing algorithm is updated
        if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
            $hash = password_hash($password, PASSWORD_DEFAULT);
            // store the new hash in the database
        }
        // user is logged in
    } else {
        // user is not logged in
    }

You can't do that.

What you can do is hash the already MD5-hashed passwords via password_hash() and put an additional flag on these old passwords in the database, so that you know to double-verify them afterwards.

Some sample code:

    // flagged (old) rows store password_hash(md5(password)), so compare against md5(input)
    $passwordcompare = ($passwordisoldflag === true)
        ? md5($passwordinput)
        : $passwordinput;

    if (password_verify($passwordcompare, $passwordhash)) {
        if ($passwordisoldflag === true)
        {
            $passwordnewhash = password_hash($passwordinput, PASSWORD_DEFAULT);

            // here, you'd update the database with the new, purely bcrypt hash
            // and set passwordisoldflag to 0
        }
    }

Note: MD5 produces a string 32 characters in length, while password_hash() produces a minimum of 60.

Read the manual:

If and when you decide to use password_hash() or the compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/, it is important to note that if your present password column's length is lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to alter your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.
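
The migration described in the answer above, shown end to end as an added example that is not part of the original posts: a one-time pass wraps each stored MD5 digest in password_hash() and flags the row, and login then verifies flagged rows against md5(input) and replaces them with a plain password_hash(). The in-memory `$users` array and the `hash` / `is_old` field names are assumptions standing in for the real database table.

```php
<?php
// Constructed sample data: one legacy row holding a bare MD5 hex digest.
// Field names (hash, is_old) are hypothetical; map them to your own columns.
$users = [
    'alice' => ['hash' => md5('abcd1234'), 'is_old' => false],
];

// One-time migration: wrap every bare MD5 digest in password_hash() and flag the row.
function wrapLegacyHashes(array &$users): void
{
    foreach ($users as &$row) {
        // Assumes digests were stored as lowercase hex, as PHP's md5() returns them;
        // anything that is not 32 hex characters is treated as already migrated.
        if (preg_match('/^[0-9a-f]{32}$/', $row['hash']) === 1) {
            $row['hash'] = password_hash($row['hash'], PASSWORD_DEFAULT);
            $row['is_old'] = true;
        }
    }
    unset($row); // break the reference left over from the loop
}

// Login: flagged rows hold password_hash(md5(password)), so verify against md5(input),
// then store a hash of the plain password and clear the flag.
function login(array &$users, string $name, string $input): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $row = &$users[$name];
    $candidate = $row['is_old'] ? md5($input) : $input;
    if (!password_verify($candidate, $row['hash'])) {
        return false;
    }
    if ($row['is_old'] || password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        $row['hash'] = password_hash($input, PASSWORD_DEFAULT);
        $row['is_old'] = false;
    }
    return true;
}

wrapLegacyHashes($users);
var_dump($users['alice']['is_old']);          // row state after the migration pass
var_dump(login($users, 'alice', 'wrong'));    // wrong password
var_dump(login($users, 'alice', 'abcd1234')); // correct password, row is upgraded
var_dump($users['alice']['is_old']);          // row state after the upgrade
```

Because the migration pass needs no plaintext passwords, no bare MD5 digest remains in storage once it has run, including for accounts that never log in again.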

