Dmitry, will we act here or just sit and wait while in-portal website database could be stolen from weakly protected (or just hacked) server and client passwords will be decrypted?
We can't do mass password re-hashing using new scheme because we don't have plain text password to start with, but I see it like this:
- we add PasswordHashingMethod column to Users database table and set "md5" to all existing users
- when user login they type plain-text password (obviously) and at that time we look if user has current password is hashed using "md5" and if so:
- take plain text password user entered and hash it using whatever new scheme we choose (e.g. salted bcrypt)
- put new hashing method into
PasswordHashingMethod field value of user record.
This way eventually all user passwords, who at least login to website will be rehashed securely. If users don't login to website at all then we obviously don't care about they password being secured the proper way.
We of course would need kPasswordFormatter class to be able to work with new hashing method and it's up to use to choose what password hashing scheme he needs. Of course by default we set it to maximal security one, but if for some reasons user passwords needs to be stored using just "md5" (as now) even without salt then we can allow this too.