From: Reindl Harald h.reindl@thelounge.net
By rehashed I meant 2 layers of hashing... You sha512 the old md5 hash while keeping the knowledge that it was an md5 hash.
So, when the user enters its passwd, it would be md5 hashed and then sha512 hashed and compared...
this does not make any sense or difference and would decrease security
keep in mind that hashes normally contain only [a-z][0-9]
if you store the knowledge you have no need to convert
if you have a secure password like "y*!#Anf&%" your hash has no longer special-chars and uppercase-letters, hashing this again would result in a less secure one with more possible collisions
I know all the security implications... My post was about transparent backward-compatibility. Anyway, it works.
Thx, JD
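The two-layer scheme discussed in this thread, as an added example that is not part of the original messages: stored md5 hashes are wrapped in sha512 without knowing the passwords, and the record keeps a marker saying which scheme produced it. The record layout, the scheme labels, the function names, and the choice to hash the md5 hex string are assumptions made for illustration.

```python
import hashlib
import hmac

def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def sha512_hex(data: str) -> str:
    return hashlib.sha512(data.encode("utf-8")).hexdigest()

def wrap_legacy(record: dict) -> dict:
    """Wrap a stored md5 hash in sha512; the password itself is not needed."""
    if record["scheme"] != "md5":
        return record
    # Assumption: the outer hash is taken over the md5 hex string as stored.
    return {"scheme": "md5+sha512", "hash": sha512_hex(record["hash"])}

def migrate(db: dict) -> int:
    """Wrap every legacy md5 record in place; return how many were converted."""
    converted = 0
    for user, record in db.items():
        if record["scheme"] == "md5":
            db[user] = wrap_legacy(record)
            converted += 1
    return converted

def compute(scheme: str, password: str) -> str:
    """Recompute the stored value for a password under the recorded scheme."""
    if scheme == "md5":
        return md5_hex(password)
    if scheme == "md5+sha512":
        return sha512_hex(md5_hex(password))  # md5 first, then sha512
    if scheme == "sha512":
        return sha512_hex(password)
    raise ValueError(f"unknown scheme: {scheme}")

def verify(record: dict, password: str) -> bool:
    # Constant-time comparison of the recomputed and stored hashes.
    return hmac.compare_digest(compute(record["scheme"], password), record["hash"])

if __name__ == "__main__":
    # Constructed sample table: one legacy md5 user, one native sha512 user.
    db = {
        "alice": {"scheme": "md5", "hash": md5_hex('y*!#Anf&%')},
        "bob": {"scheme": "sha512", "hash": sha512_hex("constructed-sample")},
    }
    print("converted:", migrate(db))
    print("alice scheme:", db["alice"]["scheme"])
    print("alice login ok:", verify(db["alice"], 'y*!#Anf&%'))
```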