Reputation: 7
I'm trying to import users' credentials from one database schema to another one without users needing to create a new password. The first user table (the one I need to import to the new site) uses sha256+salt (I think) and my new site is using md5+salt (I think). I have access to all files and stuff, so I could locate the salt that's being used, if I can somehow reverse engineer the sha256 to make it md5?
Is there a way to do this? If so, how would I approach it? An example of the password would be:
old site: e3e922af8a36de975983b075b3bf5336bbb26c8008aa5d9b39aef8d85cb7eb32
new site: $S$Dbj.yBTjHV97QNLHwuoykWxzpNL9bxxFl4b8uoP1u1rJzCyDZb.e
I'll appreciate any input. Thank you!
Update: the new site uses base64encode + salt (I know what it is). Just to be clear, I'm not trying to actually be able to see their passwords in plain text. Can I convert sha256 -> base64encode with some mysql commands or something if I know the salt?
Upvotes: 0
Views: 14223
Reputation: 211540
Unless you're prepared to crack their password, no, you can't convert a SHA2-256 hash to an MD5 one. You need to know the content that generated the hash in the first place.
When migrating from one hashing type to another, the best plan is to normalize all your password hashes into a consistent form first, and the Modular Crypt Format is the most widely supported.
If you can wrangle your old hashes into that form then you should be able to use them with password_verify. You can also update user passwords as they log in by re-writing them with password_hash, which uses Bcrypt by default.
Over time you can stomp out old SHA2-256 and MD5 passwords and limit your exposure.
Upvotes: 0
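The upgrade-on-login approach described in the answer above, shown as an added example that is not part of the original posts. It assumes the legacy hash is hex(sha256(salt . password)), which the page does not confirm; the `$user` row layout and the function names `legacy_verify` and `login_and_upgrade` are hypothetical, and the sample salt and password are constructed.

```php
<?php
declare(strict_types=1);

// Assumed legacy scheme (not confirmed by the page): hex(sha256(salt . password)).
function legacy_verify(string $password, string $salt, string $storedHex): bool
{
    // hash_equals() compares in constant time to avoid leaking match position.
    return hash_equals($storedHex, hash('sha256', $salt . $password));
}

/**
 * Check a login against a user record and upgrade the stored hash when needed.
 * $user is a hypothetical row: ['hash' => string, 'legacy_salt' => ?string].
 * Returns [bool $ok, ?string $newHash]; persist $newHash when it is not null.
 */
function login_and_upgrade(array $user, string $password): array
{
    $stored = $user['hash'];

    // Modular Crypt Format hashes start with '$'; a legacy row is 64 hex chars.
    if (preg_match('/^[0-9a-f]{64}$/', $stored) === 1) {
        if (!legacy_verify($password, (string) $user['legacy_salt'], $stored)) {
            return [false, null];
        }
        // The plaintext is only available during login, so re-hash now.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Also upgrade modern hashes whose algorithm or cost is out of date.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample data, not the hashes from the question.
$salt = 'constructed-salt';
$user = ['hash' => hash('sha256', $salt . 'correct horse'), 'legacy_salt' => $salt];

[$ok, $newHash] = login_and_upgrade($user, 'correct horse'); // legacy path
if ($ok && $newHash !== null) {
    $user = ['hash' => $newHash, 'legacy_salt' => null];     // write back to the DB here
}
var_dump($ok, password_get_info($user['hash'])['algoName']);
var_dump(login_and_upgrade($user, 'correct horse')[0]);      // password_verify path
var_dump(login_and_upgrade($user, 'wrong password')[0]);
```

Accounts that never log in again keep their legacy hash, so the old column and verification path remain until those rows are expired or forced through a password reset.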