Hacker News new | past | comments | ask | show | jobs | submit login

They could update hashes on login if needed. So i guess its something they don't want to talk about



True point.

That's normally how you'd do a hashing upgrade

* decide an upgrade window

* each time a user logs in check their hash version, upgrade if necessary

* the upgrade period expires

* if you can, force log out all non-upgraded users - hoping they'll now log in and get auto-upgraded

* email all non-upgraded users and ask them to update their password

Hopefully that set of users is now very small.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: