Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > MCAD > Decrypting an encrypted password

Reply
Thread Tools

Decrypting an encrypted password

 
 
ChigbuaUmuenu
Guest
Posts: n/a
 
      10-30-2006
I encrypted user passwords on sql server 2005 using SHA1. A user of the site
forgot his password and requested for it. How do I decrypt the password.
--
Okoronkwo Chinedu
Nigeria
 
Reply With Quote
 
 
 
 
igotyourdotnet
Guest
Posts: n/a
 
      10-30-2006
don't give him his current password, generate a new random pwd then have him
reset it once he logs into the web site.

I store my pwd the sameway in my db (SHA1) but if the use forgets the pwd, i
take them to a 'forget password' page, have them enter in a few security
questions they defined when they setup their ID, then send them a temp random
password. Then when they login to the site with that pwd, i then force them
to change it to a new one. I never give out a password a user request because
you have no validation if that is the actual user or not.


"ChigbuaUmuenu" wrote:

> I encrypted user passwords on sql server 2005 using SHA1. A user of the site
> forgot his password and requested for it. How do I decrypt the password.
> --
> Okoronkwo Chinedu
> Nigeria

 
Reply With Quote
 
 
 
 
Cerebrus
Guest
Posts: n/a
 
      10-31-2006
Just one thing to add to what "igotyourdotnet" said:

Hash algorithms like SHA1 are one-way algorithms, that is to say that
you can compute a hash from a given string, but you cannot (it is
extremely difficult) reconstitute the string back from the hash. That
is whole purpose of the hashing. Therefore the suggestion by
"igotyourdotnet" is perfectly valid, you will need to generate another
password and send it to him. Then he can use it to login, and change it
at his leisure.

 
Reply With Quote
 
ChigbuaUmuenu
Guest
Posts: n/a
 
      11-03-2006
That's my implementation for now. i.e sending them a randomly generated
password. However I feel that a decryption algorithm should exist for SHA1
and still it will not loose its security features.
May be, we should take a research on that.
--
Okoronkwo Chinedu
Crazy About Learning


"Cerebrus" wrote:

> Just one thing to add to what "igotyourdotnet" said:
>
> Hash algorithms like SHA1 are one-way algorithms, that is to say that
> you can compute a hash from a given string, but you cannot (it is
> extremely difficult) reconstitute the string back from the hash. That
> is whole purpose of the hashing. Therefore the suggestion by
> "igotyourdotnet" is perfectly valid, you will need to generate another
> password and send it to him. Then he can use it to login, and change it
> at his leisure.
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypted using openssl executable, decrypting with ruby's OpenSSLmodule? Lloyd Zusman Ruby 1 07-29-2009 03:46 PM
Store encrypted password in database kebabkongen@hotmail.com Java 4 03-22-2006 06:29 AM
Encrypting/Decrypting Password from a Config File michael.santamaria@gmail.com Java 35 11-09-2005 06:58 PM
Decrypting DES encrypted text data from C/C++ using libcrypto (openssl) root@127.0.0.1 Java 1 10-14-2005 11:32 PM
Decrypting Files - Forgotten Password... CPTK Computer Support 7 06-11-2005 12:16 AM



Advertisments