Encrypting a password over HTTPS that was initially not encrypted - pros and cons


I have a popular app that I inherited where the users' credentials are sent bare over the wire to an authenticating endpoint. Now I have a task to 'hash' the credentials to prevent man-in-the-middle attacks etc. As you know, HTTPS was compromised a little while ago, so anything is possible and being secure is better.

Now, imagine if I md5(password); then, since it's one-way, I can't decrypt at the authenticating endpoint. This means that all the current users would have to reset their password so I could hash it again.

What is the best approach in this matter to handle the case where users' passwords were not encrypted in the beginning but now should be?

Best answer:

The best approach is to fix your TLS setup. If you cannot trust your TLS connection, you cannot really trust anything that runs in the browser either.

As you still confuse MD5 with encryption, I would seriously advise you against creating your own password hashing protocol.
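To make the answer's two points concrete (MD5 is not encryption and not a password hash; the password should travel over a correctly configured TLS connection and be handled server-side with a standard KDF rather than a home-grown protocol), here is an added example that is not part of the answer above. It uses only the Python standard library: PBKDF2-HMAC-SHA256 with a random per-user salt for storage, constant-time comparison for verification, and an upgrade-on-login step so existing users do not have to reset their password. The iteration count, record format and the `legacy_verify` callback are assumptions made for this example, not anything the question or answer specifies.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional, Tuple

# Constructed parameters for this example; tune ITERATIONS for your hardware.
ITERATIONS = 600_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def md5_digest(password: str) -> str:
    """Unsalted MD5 of the password. Shown only to illustrate the problem:
    the same password always yields the same digest, so it can be
    precomputed and looked up. It is neither encryption nor a password hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted, slow hash and pack it into a self-describing record
    (scheme$iterations$salt_hex$digest_hex) so parameters can change later."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the KDF with the stored salt and iteration count, then compare
    in constant time so timing does not leak how many bytes matched."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def login_and_upgrade(
    password: str,
    record: str,
    legacy_verify: Callable[[str, str], bool],
) -> Tuple[bool, str]:
    """Verify a login against whatever record is currently stored for the user.

    - If the record already uses the new scheme, verify it directly.
    - Otherwise fall back to the caller-supplied legacy check (assumption:
      the caller knows how the old records were produced) and, on success,
      return a fresh PBKDF2 record for the caller to persist. The user never
      has to reset anything; the upgrade happens the next time they log in.
    Returns (authenticated, record_to_store)."""
    if record.startswith(SCHEME + "$"):
        return verify_password(password, record), record
    if legacy_verify(password, record):
        return True, hash_password(password)
    return False, record


def legacy_md5_verify(password: str, record: str) -> bool:
    """Example legacy check for a store that kept unsalted MD5 digests
    (a constructed assumption for this example, not the asker's setup)."""
    return hmac.compare_digest(md5_digest(password), record)


if __name__ == "__main__":
    old = md5_digest("correct horse")          # constructed legacy record
    ok, new = login_and_upgrade("correct horse", old, legacy_md5_verify)
    print(ok, new.split("$")[0])                # True pbkdf2_sha256
    print(verify_password("wrong", new))        # False
```

The same password still has to reach the server in plaintext for the KDF to run, which is why the answer's first point stands: the confidentiality of that one request is TLS's job, and client-side MD5 would only replace the password with a different, equally replayable, fixed secret.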