That's not going to be easy, not to mention would break with every upgrade. You need to take better steps to protect your users data in the first place. If someone can get into the system with enough time and effort they can still decrypt passwords.
also understand that they did not unhash the passwords. They used brute force of trying hundreds of thousands of combinations to break the md5 hash. Its not something you just click a button on and find the right combo.
If your database were better protected in the first place, he wouldn't have been able to access it, and get the data to try to hammer on.
|