On 2011-01-11, =?utf-8?Q?Nicol=C3=A1s_Garfinkiel?= <nicolas.garfinkiel@gmail.com> wrote:
> Violence aside, thanks for your answer. The C module is what I was
> planning to do, but was not sure if there is another way. Of course
> using crypt would be the right thing to do, but I cannot afford it, as
> users from our system can barely remember their password, let alone
> collect them and recreate them! Of course I could reset their pwds,
> but that's gonna be a hard sell to my boss.
Use a password logger to ease the trasition away from that old function.
Modify your application to collect new-style password hashes (created
using crypt() for example) when it calculates an old-style hash and
update the user record with the new hash (in a new column).
In 6 months time you'll have new hashes for everyone who uses the
application semi-regularly, the few that were missed by this should be
able to be resolved by your support team. or just send them an email
asking them to log into the application to confirm their user account.
--
⚂⚃ 100% natural
