01-03-2015, 03:42 PM
Adding in a sha1 won't make all that much difference. Bcrypt as w00t said is clearly the way to go.
He suggested bcrypting the whole thing like
bcrypt(md5($salt) . md5($password))
But you could also just catch everyone on next login and bcrypt their password.
He suggested bcrypting the whole thing like
bcrypt(md5($salt) . md5($password))
But you could also just catch everyone on next login and bcrypt their password.