Encrypted passwords of not-encrypted passwords user base

Question

Some time ago I joined new project. It was under development for quite a long time. The thing that surprised me was that all users' passwords are stored in non-encrypted form.

I explained huge security vulnerabilities of this to our management - it looks like they agree with that and want to make project more secure. Team members agree too.

We have about 20K users in the system.

Actually it is quite stressful to make this work - migrate non-encrypted passwords to encrypted form. If something goes wrong it can lead to project's disaster.

How can I lower this stress? Backup? Unit-tests(integrational tests)?

Answer 1

Well, be careful with your backup because it will contain unencrypted user passwords :-)

Assuming that the passwords are stored in a database, an easy solution would go something like this:

1) Make a secure backup of the entire table data

2) Create new column (PasswordEncrypted or similar name)

3) Use an UPDATE query to update each row's new column with an MD5 of the unencrypted password while using a 32 byte or larger salt. Pretty much every database system today has an MD5 function so you won't even have to leave your SQL prompt

4) Keep the plaintext column in the interim and update your application/scripts accordingly to work with the salted password.

5) Rename the plaintext old password column to temporarily take it out of play and test your application- if there are any problems then go back to step 4 and fix your mistakes.

6) When everything is working properly drop the plaintext password column

7) Encourage users to pick a new password now that you have some level of security in place to mitigate the effects of any previous attacks which may have been successful.