
Migrating passwords from PHP site to Rails site


I have a PHP site with several thousand users that is using PHPass for password hashing. I've written a new Rails site that is using Devise for authentication. I'm trying to seamlessly migrate users over to the new Rails site. Does anyone know a way I can migrate their passwords over to the new site?

I originally thought it would be as simple as copying a salt over, but clearly it's not that simple.

I found this question/answer, but I can't figure out what my PHPass salt is, and how I would use that to translate the passwords into something Devise can understand.

Any help is really appreciated!


Solution

  • Reading the code, it seems to encrypt the salt and the hash together. So you'd have to write some custom code in Ruby to mimic their hash, salting, and then encrypting to match the password.

    I would take a slightly different approach.

    I would use this as an opportunity to clean house. I'd import just the users, and then when you are ready for the switch over, send out an e-mail to your users that you've upgraded the security of your system, and b/c of that they will need to reset their passwords, and then provide them with a one-time link to reset their passwords.
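
The custom Ruby code the answer mentions, as an added example (not part of the original answer, and not PHPass or Devise code). It assumes the PHP site stored PHPass "portable" hashes, the 34-character strings beginning `$P$` or `$H$`, which are salted, iterated MD5; bcrypt-format hashes are not handled. `LegacyUser`, `legacy_hash` and `migrate_on_login` are hypothetical names.

```ruby
require 'digest/md5'

ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.freeze

# PHPass's base64 variant: little-endian 24-bit groups over the ITOA64 alphabet.
def phpass_encode64(bytes)
  out = +''
  bytes.each_slice(3) do |group|
    value = group.each_with_index.sum { |byte, i| byte << (8 * i) }
    (group.size + 1).times { |i| out << ITOA64[(value >> (6 * i)) & 0x3f] }
  end
  out
end

# Recompute a portable hash using the cost and salt embedded in `stored`.
# Returns nil for anything that is not a well-formed 34-character $P$/$H$ string.
def phpass_portable_hash(password, stored)
  return nil unless stored.is_a?(String) && stored.match?(%r{\A\$[PH]\$[./0-9A-Za-z]{31}\z})
  log2 = ITOA64.index(stored[3])           # 4th character encodes log2(iterations)
  return nil unless log2.between?(7, 30)   # range PHPass itself accepts
  pw = password.b
  digest = Digest::MD5.digest(stored[4, 8] + pw)   # characters 5..12 are the salt
  (1 << log2).times { digest = Digest::MD5.digest(digest + pw) }
  stored[0, 12] + phpass_encode64(digest.bytes)
end

# Compare without an early exit on the first differing byte.
def phpass_valid?(password, stored)
  computed = phpass_portable_hash(password, stored)
  return false if computed.nil?
  computed.bytes.zip(stored.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Hypothetical stand-in for the Rails user model; `legacy_hash` is an assumed
# column holding the imported PHPass string. In a Devise model this logic would
# sit in an override of valid_password?, with the block assigning password=.
LegacyUser = Struct.new(:legacy_hash)

def migrate_on_login(user, password)
  return false unless user.legacy_hash && phpass_valid?(password, user.legacy_hash)
  yield password          # caller stores the password under the new scheme
  user.legacy_hash = nil  # retire the MD5-based hash after the first good login
  true
end
```

Accounts that never log in again keep only the MD5-based hash, so a cutoff date followed by the forced reset described in the answer closes the migration.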