
I want to change my SHA512 shadow file to use bcrypt as shown in this question/answer: Enable blowfish-based hash support for crypt

The problem is that I run into a chicken-and-egg problem, because the existing shadow file is SHA512 encrypted, which means sudo doesn't work anymore as soon as I edit

/etc/pam.d/common-password
Fabian Zeindl

2 Answers


Your hashed password entries also have formatting information in them.

"$id$salt$encrypted", where "$id" is the hashing algorithm used (on GNU/Linux, "$1$" stands for MD5, "$2$" is Blowfish, "$5$" is SHA-256 and "$6$" is SHA-512, see the crypt(3) manpage; other Unixes may have different values, like NetBSD).

If your users' passwords have a time-based expiry, they'll eventually have to update them and the new hash will be in the format you've chosen. The system can tell which format password hashes are in per user, so things will keep working as passwords are updated over time.

As it also says in the answer you reference:

Passwords that are updated after these modifications are made will be hashed using blowfish, existing shadow passwords are not modified

Jeff Ferland

The nature of one-way password hashing makes it impossible (or nearly impossible) to reverse the hashes back into plaintext for the purpose of re-hashing them into blowfish or any other one-way hashing algorithm. However, it's my understanding that your existing md5/sha512/etc passwords will still work.

Kyle Smith
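Both answers rest on the same point: every shadow entry carries its own "$id$" prefix, so crypt(3) verifies each user against whatever format that user's hash is in, and switching PAM to blowfish only affects hashes written from then on. The following script is an added example (not from either answer or from any distribution's tooling) that reads a shadow file, reports the algorithm and cost per user from that prefix, and lists the accounts that still verify against a pre-migration hash. The shadow excerpt in it is constructed for the demo and its hash bodies are fake filler, not real digests; the id-to-name table uses the glibc values the answer lists plus the bcrypt variants "$2a$", "$2b$" and "$2y$".

```python
# Prefix ids used by glibc crypt(3), as listed in the answer above; other Unixes differ.
HASH_IDS = {
    "1": "MD5",
    "2": "bcrypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "SHA-256",
    "6": "SHA-512",
}

# Constructed /etc/shadow excerpt for the demo. Hash bodies are fake filler, not real digests.
SHADOW_SAMPLE = """\
root:$6$rounds=10000$fakesalt$FAKEHASHBODYroot:19000:0:99999:7:::
alice:$6$fakesalt$FAKEHASHBODYalice:19001:0:99999:7:::
bob:$2y$12$fakesaltfakesaltfakesaltFAKEHASHBODYbob:19002:0:99999:7:::
carol:$1$fakesalt$FAKEHASHBODYcarol:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
dave:!$6$fakesalt$FAKEHASHBODYdave:19001:0:99999:7:::
"""


def classify_hash(field):
    """Return (algorithm, locked, rounds) for one shadow password field.

    The algorithm is read from the "$id$" prefix alone, which is exactly how
    crypt(3) decides how to verify a login: each entry describes its own format,
    so old and new formats coexist in one file.
    """
    locked = field.startswith("!")          # passwd -l prepends "!" and keeps the hash
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("none", True, None)         # no usable password at all
    if not body.startswith("$"):
        return ("DES", locked, None)        # traditional 13-character crypt, no prefix
    parts = body.split("$")                 # "$6$rounds=N$salt$hash" -> ["", "6", "rounds=N", "salt", "hash"]
    algo = HASH_IDS.get(parts[1], "unknown(" + parts[1] + ")")
    rounds = None
    if algo == "bcrypt":
        rounds = int(parts[2])              # bcrypt stores its cost factor as the next field
    elif len(parts) > 2 and parts[2].startswith("rounds="):
        rounds = int(parts[2][len("rounds="):])
    return (algo, locked, rounds)


def audit_shadow(text):
    """Map user name -> (algorithm, locked, rounds) for every entry in a shadow file."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        result[fields[0]] = classify_hash(fields[1])
    return result


def pending_migration(text, target="bcrypt"):
    """Active accounts whose hash is not yet in the target format.

    These logins keep working after the PAM change; they simply still verify
    against the old hash until the password is next changed.
    """
    return sorted(user for user, (algo, locked, _) in audit_shadow(text).items()
                  if not locked and algo != target)


if __name__ == "__main__":
    for user, (algo, locked, rounds) in audit_shadow(SHADOW_SAMPLE).items():
        print(f"{user:8} {algo:8} locked={locked} rounds={rounds}")
    print("still to migrate:", pending_migration(SHADOW_SAMPLE))
```

Run it against a real file with `sudo python3 script.py` after replacing SHADOW_SAMPLE with `open("/etc/shadow").read()`; the "still to migrate" list is the set of users to nudge toward a password change (or to expire with `chage`) once common-password has been switched.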