[Catalyst] Migrate from SHA hashed passwords to Bcrypt crypted passwords

Pavel Karoukin hippich at gmail.com
Mon Jul 11 22:06:36 GMT 2011

On 07/11/2011 10:34 AM, Mark Blackman wrote:
>> 2) How I should update my application to have first check against new hashing algorithm and if password returns incorrect, try old one (SHA)? Should I do it through realms, or just check password in my authentication controller directly instead?
> I'd define two realms in your configuration for each password type and then attempt authentication against both realms.

How does realm work when saving user? Ideally, I would like to try
authenticate user against Bcrypt, if it fails - try SHA and if it
success - ask user to change password which will be saved in Bcrypt realm.

How I can instruct it to save new password as Bcrypt hash if user logged
in with SHA-hashed password?


More information about the Catalyst mailing list