security - How to phase out a password hashing algorithm in an existing web application? -


Many people are about password in web applications, but I am facing a different problem. I know that on which I am currently working, is not safely enough (just sha1 without salt or anything), but all this change it It is difficult to suddenly.

I have to find a way to implement a new algorithm for all (± 50.000) users. I was thinking about some solutions, but none of them speaks right.

1) Adding a second column to the user table with a new password Every time when the user is authenticated, I store the password with my new hash and throw the old one. In this exercise this will mean that it will take years before sha1 steps.

1.1), but encourage users to log back into our system for a security update, but in reality it seems that accepting a (former) security vulnerability This is not for my management choice.

2) Re-authenticate all users and throw all passwords. It is very harsh, and there is also a pain for the users behind.

How do you cope with this problem?

You can extend your existing solution as the input to your new Advanced hash implementation sha1 hashes By using, where you can add salt etc. The new solution will also include shadow phase + whatever may be improved.

In this way you can calculate that you already have a new one from hash, but also improve the solution.


-

Comments

Post a Comment

Popular posts from this blog

sqlite3 - UPDATE a table from the SELECT of another one -

I have the first table article where some data is missing. In the table, articles_tmp I have a part of the missing data. So I want to update the articles. Where the path path is data in articles_tmp.path where the path is not zero . With SQLite , it does not work: update article SET path = (SELECT at.path FROM Articles_tmp as AS, WHERE at.article_id = a.id and a.asp, the text is in the form and not on. It has been transmitted) where the path is null MS Access Along with, it works fine: Update Articles Join the Inner Articles at articles_tmp articles.id = articles_tmp.id SETP articles.path = articles_tmp.path Can anyone help? Sin CE SQL Server Syntax, which I provided, was not working, here this solution With whom I have come. A little modification of your original query, but with my "correlation" suggestion added. There is a SQL Bella for this: Here is the code: update article SET path = (SELECT path from articles_tmp AS T WHERE t.id
Read more

c# - Showing a SelectedItem's Property -

So I have enabled a rightclick option for my DataGrid. I want to display the only chosen property but it is not behaving like what I would like it to display my name and additional. Public category Paymentinfo {public int PaymentNo {get; Set; } Public string date {get; Set; } Public Double Pay {get; Set; } Public Double Principle {get; Set; } Public Double Interest {get; Set; } Public Double Balance {Received; Set; }} Private Zero MenuItem_OnClick (Object Sender, RoutedEventArgs e) {MessageBox.Show (AmortGrid.SelectedItem.ToString ()); } I'm trying to apply it without using a View Module! If I place a breakpoint where the messagebox and the recipient place it on selected ITEM, then this property will display the payment. A date-payment-principle-interest-balance is the only value that needs payment. Was hoping that it would be something like this MessageBox.Show (AmortGrid.SelectedItem.PaymentNo.ToString ()); When you call ToString () So you get the class typ
Read more

javascript - Render HTML after each iteration in loop -

I'm trying to gradually increase the font size of text on a web page. The code works in my place, although the new HTML / CSS does not render after every iteration of the loop and when all this is done, then display only the text of 100 px size. To see the text as if it is slowly zooming, I need to do this JavaScript is down because it is being used from a different file here is what I have ... < Pre> & lt; P class = "game-title" style = "font-size: 50px" & gt; Test & lt; / P & gt; Function sleep (milliseconds) {var start = new date (). GetTime (); For (var i = 0; i & lt; 1e7; i ++) {if ((new date). GetTime () - start) & gt; Milliseconds {break; CSS ('font-size', 'parseInt ($ (' game-title '). CSS (' font-size ')) + 1 + "pixels"); } While (parasont ($ ('# text'). Css ('font-size')) & lt; = 100) {sleep (1000); IncreaseSize (); Using CSS: Use of jQuery (sample):
Read more