On 22.12.2011 12:54, John Doe wrote: > From: Reindl Harald <h.reindl at thelounge.net> > >>> are they automatically "converted" (rehashed) to SHA512? >> this is technically impossible on any system and in any context >> the definition of a hash is NOT INVERTABLE and you would need >> the plaintext-version to generate another hash type > > By rehashed I meant 2 layers of hashing... > You sha512 the old md5 hash while keeping the knowledge that it was an md5 hash. > So, when the user enters its passwd, it would be md5 hashed and then sha512 hashed and compared... this does not make any sense or differene and would decrase security keep in mind that hashes normally contain only [a-z][0-9] if you store the knowledge you have no need to convert if you have a secure password like "y*!#Anf&%" your hash has no longer special-chars and uppercase-letters, hashing this again would result in a less secure one with more possible collisions -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20111222/238d1821/attachment-0005.sig>