A former developer used the PHP hash() function with the SHA256 algorithm to store password hashes. To improve the security of the system, I'd like to start using crypt() with the Blowfish algorithm (unfortunately we don't have PHP 5.5 and thus password_hash() is not available).

Since SHA256 is a non-reversible hashing algorithm, is there a way to start using crypt() with the salted passwords without asking everyone to reset their password?
There may be other faster and more efficient ways to do this, but if you want to do this without it affecting your users, this is how I would do it -
Add another column to your table, a basic flag that can go True or False. Default it to false. Then implement the following pseudocode:
Essentially it checks if the password is updated or not, and updates it if it isn't. You can eventually take this function off, once your users have made the transition. But as it adds almost no load, I would recommend keeping it!
It's a bit roundabout, but it will have the minimal amount of work for your users to do, and it will run in the background without giving them any indication of it happening!
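The rehash-on-login flow the answer describes, written out as an added example (not code from the question or answer). It assumes the legacy column holds the plain hex digest that hash('sha256', ...) returns with no salt, a `hash_upgraded` flag column as the answer suggests, a PDO connection, and PHP 5.3.7 or later for the `$2y$` bcrypt prefix in crypt().

```php
<?php
// Added example: transparent SHA256 -> bcrypt migration on login.
// Assumes a users table with columns password_hash (string) and
// hash_upgraded (0/1, default 0), and a PDO connection in $pdo.
// Requires PHP >= 5.3.7 for the $2y$ bcrypt prefix in crypt().

function bcryptHash($password, $cost = 10) {
    // crypt() needs a 22-character salt from the alphabet ./A-Za-z0-9.
    $raw  = openssl_random_pseudo_bytes(16);
    $salt = substr(strtr(rtrim(base64_encode($raw), '='), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    if (strlen($hash) !== 60) {          // crypt() returns '*0'/'*1' on failure
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

function constantTimeEquals($a, $b) {
    // hash_equals() only exists from PHP 5.6, so compare byte by byte.
    if (strlen($a) !== strlen($b)) return false;
    $diff = 0;
    for ($i = 0; $i < strlen($a); $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

function loginAndMigrate(PDO $pdo, $username, $password) {
    $stmt = $pdo->prepare('SELECT id, password_hash, hash_upgraded FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user) return false;

    if ($user['hash_upgraded']) {
        // Already migrated: verify with crypt() against the stored bcrypt string.
        return constantTimeEquals(crypt($password, $user['password_hash']), $user['password_hash']);
    }

    // Legacy row: verify against the old unsalted SHA256 hex digest.
    if (!constantTimeEquals(hash('sha256', $password), $user['password_hash'])) {
        return false;
    }
    // Correct password and the plaintext is in hand: rehash with bcrypt and set the flag.
    $upd = $pdo->prepare('UPDATE users SET password_hash = ?, hash_upgraded = 1 WHERE id = ?');
    $upd->execute(array(bcryptHash($password), $user['id']));
    return true;
}
```

Once every row has `hash_upgraded = 1`, the legacy branch can be dropped and the column removed; until then the old SHA256 digests remain in the table and should be treated as the weaker secret they are.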