[英]Migrate SHA1 Salted Hashes To Be Encrypted by Bcrypt
I have an old application (built on .Net C#) includes Users table with hashed passwords sha1(password . salt)
, and I need to migrate this data safely to my new Rails application (which already encrypting passwords using bcrypt-ruby gem
) and looking for the best solution for this issue but with avoiding the following kind of solutions: 我有一个旧应用程序(建立在.Net C#上),其中包括带有哈希密码sha1(password . salt)
)的Users表,并且我需要将该数据安全地迁移到我的新Rails应用程序(该应用程序已经使用bcrypt-ruby gem
加密了密码)和寻找最佳解决方案, 但避免以下类型的解决方案:
I think that the best approach (as I've read) is to let users log into my new app using their old passwords (and I don't know how to do it) and then encrypt their passwords (by BCrypt) and follow the same procedure of newly registered users' password encryption in Rails app. 我认为最好的方法(如我所读)是让用户使用旧密码(我不知道该怎么做)登录我的新应用,然后(通过BCrypt)加密密码并遵循与在Rails应用程序中新注册用户的密码加密相同的过程。
I appreciate all suggested solutions to solve this issue. 感谢所有解决此问题的建议解决方案。
You're on the right track. 您走在正确的轨道上。 You need to... 你需要...
This will allow your users to migrate over time. 这将使您的用户能够随着时间的推移进行迁移。 Then at some point you decide you're going to make the rest go the 'reset password' route or at least start annoying them with email and eventually cut over to bcrypt completely. 然后,在某个时候,您决定将其余的设置为“重设密码”路线,或者至少开始用电子邮件来烦扰它们,并最终将其完全加密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.