hi
I have a page for registration in my site
in this page after validation form I cashed password of user by function md5 and
then this hashed password save in database
I want to recycled the password
of user for while the user forgot password
and then mail to email user that entered at the time registration
How do I recycle this hashed password
so the password must be readable for user?
thanks alot
3  1414  @oranoos3000
In short: you can't. You're using a hash, which means it's a one way street. Passwords should never be human-readable, not by or anyone. If they've lost their password, send a new, randomly generated password to their email account.
Well, there is a way but the effort involved may not be worth your while (not to mention your computing resources 'while'.
Using a hash table (excuse the pun) of precomputed hashes (say every possible alpha-num combination up to 9 characters - same as your password policy) that use the string that produced a given md5 hash item as its index/key, you could then compare the lost password hash with the precomputed hash table and the matching hash in the hash table would return the users password (it would be the hash tables index/key), for after all a hash table is simply a 1-dimensional associative array.
This is known as a rainbow table. After the time spent producing the table is complete, the matching (reversing) of a user's password hash could be done in about 1/2-1 hours for one lost password on say, your average desktop PC (this is an extremely rough guess based on 128 bit md5, the definition of "average desktop PC", and assumptions on the way things would be coded/implemented that are swirling about in my head).
In crypto-speak the comparisons in the hash table that match, are known as collisions. You could also combine your collision detection algorithm with a birthday function (search probability theory or birthday attacks for info) you could then, on average reduce the time it takes to deduce a users lost password and in turn e-mail them the result in a semi-variable-reasonable amount of time. :) I need mention that all the original user password hashes should not contain a salt and be passed over only once by md5.
So I guess I'll have to conclude: can you reverse an md5 hash? yes. Is it practical given your context: maybe/for you to decide. AND: Yes, I know. Technically speaking the hash is not being "reversed" in of itself, but the end result is the same.
I'll change my answer.
In short: you shouldn't. You, as a webmaster, should respect your users privacy.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: arktikturtle |
last post by:
Hi! I'm looking for a way to validate a password within PL/SQL. I want to
write
CREATE PROCEDURE change_password(old_password IN VARCHAR2)
IS
BEGIN
-- check if old_password is correct... but...
|
by: Max |
last post by:
Hello all,
I am trying to protect a page within my site with a JS password
scheme.
Now I know JS can be quite easily "circumvented", but I came by a code
below.
My question is:
1. Is there...
|
by: frizzle |
last post by:
Hi there,
I've read in a few places that you should *never*
store original passwords in a mySQL DB.
Now i wonder if you encrypt it (with MD5 ?), how should
i create a lost password function,...
|
by: jrefactors |
last post by:
I want to ask how password is stored and how to check the
authentication?
I have heard password is never encrypted and decrypted, but it is
hashed.
For example, consider a simple email logon...
|
by: dcrespo |
last post by:
Hi all,
I have a program that serves client programs. The server has a login
password, which has to be used by each client for logging in. So, when
the client connects, it sends a string with a...
|
by: Mark |
last post by:
We're going to use impersonation in our web.config file to connect via
windows authentication to a SQL Server on the same domain. We'd like to
hash the password rather than store it in plain text...
|
by: Dino M. Buljubasic |
last post by:
I am storing encrypted password in registry and using it then to log on my
application. However, my objConn.Open(str_connecton_string) crashes the
application if I use the encrypted password.
...
|
by: Declan Barry |
last post by:
Hi all..
Does anyone have a php script that would allow me to encrypt the
contents of a txt file?
I have an excel file which has a list of usernames and generated
passwords. What I would...
|
by: Ben |
last post by:
Hi,
when a password is sent to the user via email with the PasswordRecovery
control, is it sent in "clear" even if the password is hashed or encrypted?
Thanks
Ben
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
