What is the main motivation to use bcrypt?

[Joshua Partogi]

Dear all,

I just realised that the latest uses bcrypt as the default encryptor,
what is the main motivation to switch to bcrypt from sha1? What would
be the best approach to migrate a running data to use bcrypt?

Thank you for your help.

Regards,
Joshua.

--
http://twitter.com/scrum8

[José Valim]

http://codahale.com/how-to-safely-store-a-password/

Unfortunately, there is no way to migrate the current data to bcrypt.

--
José Valim

Director of Engineering - Plataforma Tecnologia
Know more about us: http://plataformatec.com.br/en/

[Nat Budin]

This might be slightly crazy, but what if you move the existing hashes to a different column name, and alter the strategy to fall back to the legacy password column?  Then after all your users change password once (which would hash the new password with bcrypt), you can drop the legacy column.

Nat

[nofxx]

Let me ask before cloning devise to try:
Anyone did the migration process? Don't need an extra column, just
rescue bcrypt with sha,
if the login succeds, update the pass and salt with bcrypt ones.

On Jun 20, 9:05 pm, Nat Budin <natbu...@gmail.com> wrote:
> This might be slightly crazy, but what if you move the existing hashes  
> to a different column name, and alter the strategy to fall back to the  
> legacy password column?  Then after all your users change password  
> once (which would hash the new password with bcrypt), you can drop the  
> legacy column.
>
> Nat
>

> On Jun 20, 2010, at 6:38 PM, José Valim <jose.va...@gmail.com> wrote:
>
> >http://codahale.com/how-to-safely-store-a-password/
>
> > Unfortunately, there is no way to migrate the current data to bcrypt.
>

> > On Mon, Jun 21, 2010 at 12:30 AM, Joshua Partogi <joshua.part...@gmail.com