I posted this on security forums elsewhere, as I hoped to give administrators an easy clue on how to update an unbreached database of hashed passwords without waiting for the user to login to update the hash to a new algorithm. Maybe others have done this, but I'd never seen it mentioned, so ...
Here's my approach..
I'M IGNORING SALTING FOR SIMPLICITY OF DISCUSSION ONLY.
Presume I had the initial passwords stored as:
SHA1(password)
Now, to update them I could wait for users to login, OR double hash. Yep, hash the hash. The new algorithm would then become:
SHA2-512(SHA1(password))
or to be precise with salting,
SALT^SHA2-512(SALT^SHA1(password))
This is an easy way to update existing unbreached databases with new hashing algorithms. It also increases the computation complexity at the same time, and, as an added benefit, create a unique combination of algorithms that can serve to further obfuscate the algorithm used. Later, if I need to change the hash algorithm again, I can continue to add additional hash algorithms, using a third, fourth, fifth, etc.. round of hashing the hash of the password.
It could then later be:
SALT^RIPEMD(SALT^SHA2-512(SALT^SHA1(password)))
Seamless updating of the database.