Support the ongoing development of Laravel.io →
Authentication Security

I have a database of users which have passwords stored in md5. Since Laravel uses bcrypt, I want to somehow convert md5 passwords into bcrypt passwords.

I can add column in the user table called "hasChangedPassword", and then hash the user passwords with bcrypt. The tricky part is, I don't know what salt Laravel uses to change their passwords, so I'm unable to do so.

I'd like to know your comments. Thanks!

Last updated 3 years ago.
0

you cannot convert your md5 hashes since, md5 cannot be de-crypted, you cannot read the user's passwords.

what you can do is:

  • maintain two columns in users table, old password (md5) and new password (bcrypt).
  • if a user does not have a new password setup let then login with the old password
  • ask them to change their password, and save that as the new password.
  • next time they login use the new password to login

aliraza170 liked this reply

1

Sign in to participate in this thread!

Eventy

Your banner here too?

9bits 9bits Joined 9 Nov 2016

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.