Posts: 563
Threads: 59
Joined: Nov 2015
Reputation:
0
is there a way to convert all of the passwords in the database from sha1 to whirlpool not going them 1by1 because there are 1,100,000 users registered
please tell me how if possible
Posts: 10,066
Threads: 38
Joined: Sep 2007
Reputation:
0
I don't know how you would do that without first knowing the original password because it is impossible to reverse a hash (brute force/rainbow tables excluded). You can only do the conversion once a player successfully logs in and you'd need to have a transition period where you have two columns in your database: one with the original hash and one with the new hash and you've have to write some extra code that actually does the conversion. Depending on how often your users log in that transition period might span multiple week or months. You can also change the algorithm right now but then all passwords will become useless instantly and no-one will be able to log in. So if you fancy sending a password reset link to a million users you can also try that.