Decrypting an encrypted password

Discussion in 'MCAD' started by ChigbuaUmuenu, Oct 30, 2006.

  1. I encrypted user passwords on sql server 2005 using SHA1. A user of the site
    forgot his password and requested for it. How do I decrypt the password.
    --
    Okoronkwo Chinedu
    Nigeria
    ChigbuaUmuenu, Oct 30, 2006
    #1
    1. Advertising

  2. don't give him his current password, generate a new random pwd then have him
    reset it once he logs into the web site.

    I store my pwd the sameway in my db (SHA1) but if the use forgets the pwd, i
    take them to a 'forget password' page, have them enter in a few security
    questions they defined when they setup their ID, then send them a temp random
    password. Then when they login to the site with that pwd, i then force them
    to change it to a new one. I never give out a password a user request because
    you have no validation if that is the actual user or not.


    "ChigbuaUmuenu" wrote:

    > I encrypted user passwords on sql server 2005 using SHA1. A user of the site
    > forgot his password and requested for it. How do I decrypt the password.
    > --
    > Okoronkwo Chinedu
    > Nigeria
    igotyourdotnet, Oct 30, 2006
    #2
    1. Advertising

  3. ChigbuaUmuenu

    Cerebrus Guest

    Just one thing to add to what "igotyourdotnet" said:

    Hash algorithms like SHA1 are one-way algorithms, that is to say that
    you can compute a hash from a given string, but you cannot (it is
    extremely difficult) reconstitute the string back from the hash. That
    is whole purpose of the hashing. Therefore the suggestion by
    "igotyourdotnet" is perfectly valid, you will need to generate another
    password and send it to him. Then he can use it to login, and change it
    at his leisure.
    Cerebrus, Oct 31, 2006
    #3
  4. That's my implementation for now. i.e sending them a randomly generated
    password. However I feel that a decryption algorithm should exist for SHA1
    and still it will not loose its security features.
    May be, we should take a research on that.
    --
    Okoronkwo Chinedu
    Crazy About Learning


    "Cerebrus" wrote:

    > Just one thing to add to what "igotyourdotnet" said:
    >
    > Hash algorithms like SHA1 are one-way algorithms, that is to say that
    > you can compute a hash from a given string, but you cannot (it is
    > extremely difficult) reconstitute the string back from the hash. That
    > is whole purpose of the hashing. Therefore the suggestion by
    > "igotyourdotnet" is perfectly valid, you will need to generate another
    > password and send it to him. Then he can use it to login, and change it
    > at his leisure.
    >
    >
    ChigbuaUmuenu, Nov 3, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CPTK

    Decrypting Files - Forgotten Password...

    CPTK, Jun 9, 2005, in forum: Computer Support
    Replies:
    7
    Views:
    581
    Shep©
    Jun 11, 2005
  2. Aaron Epstein

    decrypting dvd disk with dvd video recorder?

    Aaron Epstein, Sep 26, 2004, in forum: DVD Video
    Replies:
    0
    Views:
    502
    Aaron Epstein
    Sep 26, 2004
  3. John Brown

    Decrypting how to?

    John Brown, Dec 22, 2007, in forum: Computer Support
    Replies:
    16
    Views:
    1,317
    Plato
    Dec 27, 2007
  4. Legality of decrypting passwords

    , Jun 30, 2008, in forum: Computer Security
    Replies:
    4
    Views:
    691
    Unruh
    Jul 1, 2008
  5. orestrada

    copying & decrypting files

    orestrada, Feb 6, 2009, in forum: Computer Security
    Replies:
    0
    Views:
    451
    orestrada
    Feb 6, 2009
Loading...

Share This Page