security - Converting md5 password hashes to PHP 5.5 password_hash()

Question

The new password_hash API in PHP 5.5 is nice and I'd like to start using it everywhere. Given an older project with an older database where passwords are stored in md5 hashes, what is the best way to go about migrating old user passwords to the new, more secure API?

Apart from simply prompting users to reset their password upon next login (this is impractical and annoying for users) I've thought about the possibility of using current md5 hash as the input to password_hash() for all my existing users. To verify passwords for these users (during login), I'd convert their input to an md5 hash and then use that to password_verify(). New users would be spared this extra step.

Is this a worthwhile way to go about this? Are there any better ways for transparent migration in which users are not nagged about password resets yet I can immediately enjoy the benefits of more secure hashing?

Most importantly, is there even a security benefit in taking existing md5 hashes (which are prone to brute force) and using the password_hash() API to "double-hash" it?

Answer 1

In your login.php (?) you convert the old passwords from MD5 to bcrypt and replace the old MD5 hash in the database with the new one.

Pseudo code:

$password = $_POST["password"];

if (substr($pwInDatabase, 0, 1) == "$")
{
    // Password already converted, verify using password_verify
}
else
{
    // User still using the old MD5, update it!

    if (md5($password) == $pwInDatabase)
    {
        $db->storePw(password_hash($password));
    }
}

Double hashing would not increase the security of bcrypt, as bcrypt itsef is a one-way hashing function.

Nota: MD5 produces a 32 character length string, while password_hash() is a minimum of 60.

Read the manual:

• http://php.net/manual/en/function.password-hash.php

If and when you do decide to use password_hash() or the compatibility pack (if PHP < 5.5) https://github.com/ircmaxell/password_compat/, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.