0

For one of my webapps I'm using ASP.NET MVC 5. For sometime I used default password hashing algorithm. I would like now to switch to custom hasher.

But the question is: What happens to exising data? How do I update hashes for exising users?

Improve this question

1 Answer 1

Reset to default
0

You cannot update hashes for existing users.

The only option really is to add a column to the database table indicating the hash method, and write code to support both the old and new hashing methods contingent on the value found in that column.

If you like, you can update each user's hash as they sign on individually (since that is the only time the site has the cleartext password available). But there is no way to update the hashes on a batch basis whilst offline.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.