sha1 to text
Posted: Mon Aug 09, 2010 2:03 am
by kumanan.c
Hi,
I used the sha1 encryption algorithm to compress my password and store the value in the database. If the user forgets his password, I need to send him back the original password, not a compressed password. How can I convert sha1 values to text? For example:
input password="123456"
sha1 compression="7c4a8d09ca3762af61e59520943dc26494f8941b"
I want my original value back, like "123456".
Thanks in advance.
kumanan.c
Re: sha1 to text
Posted: Mon Aug 09, 2010 2:07 am
by Mordred
In general, you can't. That's one of the requirements of cryptographic hash functions like sha-1.
For implementing "forgot password" recovery, instead of sending back his old password, generate a new one and send it instead.
sha1 to text
Posted: Mon Aug 09, 2010 2:23 am
by kumanan.c
Oh,
Thanks, my friend, for your kind reply. If they say they have forgotten their password, I will just reset it, generate a random password and give it to them, correct!
Thanks
kumanan.c
Re: sha1 to text
Posted: Tue Aug 10, 2010 4:46 pm
by Gargoyle
Just to expand, you're confusing encrypting and hashing.
Craig has another great blog post about that:
http://www.thelampblog.com/2010/07/31/p ... s-hashing/
Re: sha1 to text
Posted: Thu Aug 12, 2010 1:55 pm
by Sephern
Alternatively, instead of sending them their new password in an email, generate an alphanumeric, multi-character ID and store it in the database, then email them a URL containing the ID. Compare the URL to the database ID, to verify that it's a correct ID. Then compare the date/time the user visits the URL to when the email was generated. If it's within a reasonable amount of time, give them a form to reset the password. Otherwise, show an error and generate a new ID to send to them.
When done, delete the ID from your database.
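The reset-link flow from the last post, as an added example that is not part of the thread: a random ID is issued, checked against the database and its age, and deleted when the reset is done. The table and function names, the 30-minute lifetime, the use of SQLite and the choice to store only a SHA-256 digest of the ID are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 60  # assumed value for "a reasonable amount of time"


def init_db(conn):
    # conn is a sqlite3.Connection (assumption; any SQL database works the same way)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS password_resets ("
        "token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, created_at REAL NOT NULL)"
    )


def _digest(token):
    # Store only a digest of the ID, so a leaked table holds no usable reset links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(conn, user_id, now=None):
    """Create a random ID for user_id; the caller emails it inside the reset URL."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Keep one outstanding ID per user: a new request invalidates the old link.
    conn.execute("DELETE FROM password_resets WHERE user_id = ?", (user_id,))
    conn.execute(
        "INSERT INTO password_resets VALUES (?, ?, ?)", (_digest(token), user_id, now)
    )
    return token


def check_reset_token(conn, token, now=None, consume=False):
    """Return the user_id for a known, unexpired ID, else None.

    Call with consume=False to show the form, consume=True when the new
    password is saved, so the ID is deleted once the reset is done.
    """
    now = time.time() if now is None else now
    key = _digest(token)
    row = conn.execute(
        "SELECT user_id, created_at FROM password_resets WHERE token_hash = ?", (key,)
    ).fetchone()
    if row is None:
        return None
    expired = now - row[1] > TOKEN_TTL_SECONDS
    if expired or consume:
        conn.execute("DELETE FROM password_resets WHERE token_hash = ?", (key,))
    return None if expired else row[0]
```

The `now` parameter exists so the expiry check can be exercised with fixed timestamps; production callers leave it unset and commit the connection after each call.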