Additional experiments suggest a mass password migration is not feasible. With the current iter_count (work factor) of 10, hashing takes .1 seconds. In a database with 1 million patrons, this would take ~27 hours to complete. Plus, we probably want a larger iter_count, one that takes about a second to calculate (iter_count "14" on my server) for increased security. That would take about 11 days.
I'll plan to rework the code to support real-time migration. With this, we still have the option of performing batches of password migrations, e.g. via cron after hours, to ensure that all passwords are eventually migrated.
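An added sketch of the real-time migration with an after-hours batch pass described above; it is not the project's code. Assumptions: the legacy value is an unsalted MD5 hex digest, PBKDF2 with 2**iter_count rounds stands in for the iter_count-based hash so the block runs on the standard library alone, and the row layout and every function name are hypothetical.

```python
import hashlib, hmac, os, time

ITER_COUNT = 10  # work factor; each +1 doubles the cost, as in the comment above

def legacy_hash(password):
    # Assumed legacy scheme: fast, unsalted digest.
    return hashlib.md5(password.encode()).hexdigest()

def slow_hash(legacy_hex, salt, iter_count):
    # Stand-in for the slow hash: wraps the legacy digest, so no plaintext is needed.
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), salt, 2 ** iter_count).hex()

def migrate_row(row, iter_count=ITER_COUNT):
    """Upgrade one row in place; returns True only if work was done."""
    if row["scheme"] != "legacy":
        return False
    salt = os.urandom(16)
    row.update(scheme="slow", salt=salt, iter_count=iter_count,
               hash=slow_hash(row["hash"], salt, iter_count))
    return True

def login(row, password):
    """Real-time path: upgrade the row on first touch, then verify the slow hash."""
    migrate_row(row)
    expected = slow_hash(legacy_hash(password), row["salt"], row["iter_count"])
    return hmac.compare_digest(expected, row["hash"])

def migrate_batch(rows, budget_seconds):
    """Cron-style pass: upgrade rows until the time budget is spent."""
    deadline = time.monotonic() + budget_seconds
    done = 0
    for row in rows:
        if time.monotonic() >= deadline:
            break
        done += migrate_row(row)
    return done

def sample_rows():
    # Constructed sample data, not taken from any real database.
    users = [("alice", "correct horse"), ("bob", "hunter2"), ("carol", "s3cret")]
    return [{"user": u, "scheme": "legacy", "hash": legacy_hash(p)} for u, p in users]

if __name__ == "__main__":
    rows = sample_rows()
    print("alice logs in:", login(rows[0], "correct horse"))
    print("rows upgraded by the batch pass:", migrate_batch(rows, budget_seconds=5))
    print("schemes:", [r["scheme"] for r in rows])
```

Because the slow hash wraps the stored legacy digest, the batch pass can upgrade accounts that never log in, and a later move from iter_count 10 to 14 only needs the per-row iter_count to decide which rows to redo.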