SitePoint Sponsor

User Tag List

Results 1 to 9 of 9

Thread: Hash, password

  1. #1
    SitePoint Evangelist
    Join Date
    Jun 2004
    Location
    ny
    Posts
    560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Hash, password

    Hi fellows.

    I am trying to put a hash password to its original format when a user request "remind me of my password" how i will do that.

    Thank u all.

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,347
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    pretty sure you cannot

    you'll need some other reminder mechanism
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    SitePoint Guru
    Join Date
    Jul 2005
    Posts
    609
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rudy's right, a hash is one way, cannot be undone. If you want to be able to decrypt the users password, use the encrypt/decrypt functions. You could also have a "reset" option instead of "remind", which verifies by some other means that the user is legit, and then lets them change their password.

  4. #4
    SitePoint Evangelist
    Join Date
    Jun 2004
    Location
    ny
    Posts
    560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Then hashing sucks..

  5. #5
    SitePoint Guru
    Join Date
    Jul 2005
    Posts
    609
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The purpose of hashing is to come up with a non-reversable result. Now if your database is stolen, it's more difficult to get those passwords back without knowing how you hashed them, and what, if anything, was added to the hash value. Hashing also has other uses such as comparing file hashes (checksums) to make sure that it has not been changed.

  6. #6
    SitePoint Evangelist
    Join Date
    Jun 2004
    Location
    ny
    Posts
    560
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you for the enlighment. I tried encrypt/decrypt ..doesnt work. I tried to retrieve a password "voz" using decrypt it shows as "vYz"..isnt that weird..

  7. #7
    SitePoint Guru
    Join Date
    Jul 2005
    Posts
    609
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Did you use the same encryption type and key for both? Can you show your code?

  8. #8
    SitePoint Wizard mcsolas's Avatar
    Join Date
    Jul 2004
    Location
    Hermosa Costa Rica
    Posts
    1,707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by emmim44
    Then hashing sucks..
    For passwords, it seems to work better than encyption. I *just* converted my crmercado site over.

    I learned that you need to have the admin pages able to reset user passwords. That was step 1, then I could email people the new password and suggest they login and change it.

    Next on the agenda is finishing my system that will email users a link that they can click and reset the password. A recent question I posted on EE has a bit more discussion on the subject ( and code as well ) to help you get that feature going.

    Edit: forgot to explain why I said "work better than encyption"

    Imagine your harddrive is stolen and an outside party finds your database & encryption key .. game over.

  9. #9
    SitePoint Guru
    Join Date
    Jul 2005
    Posts
    609
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Wooohoo, I got the assist points on that answer


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •