a thoughtful web.
Share good ideas and conversation.   Login or Take a Tour!
comment
iza  ·  1845 days ago  ·  link  ·    ·  parent  ·  post: Devski Update: password hashes in SQL

Aren't the old passwords vulnerable as long as the Sha1 value is still around? Does it get deleted when converted to 512?

Also, any reason you didn't switch to something like bcrypt, scrypt, or PBKDF2? Modern best practices generally recommend one of those, although for a site like Hubski Sha512 is probably good enough with proper salting.