Last modified: 2014-10-20 05:48:35 UTC
With PBKDF2 being deployed, if and only if it seems to be working OK for a short while, we should reset the user tokens of users with MD5 hashes, thus forcing them to re-login and update their hashes. (We can also do this in batches to avoid a massive number of simultaneous hashing being done.)
It would be nice if we could wrap them in another hash instead of trying to force a login. I'd rather not have the hash in our DB at all. From what I remember, there's a reason the script had issues doing that, but I don't remember why..
Is the wrapOldPasswords.php script useful for this purpose?