Decrypting an encrypted password

Discussion in 'MCAD' started by ChigbuaUmuenu, Oct 30, 2006.

  1. I encrypted user passwords on sql server 2005 using SHA1. A user of the site
    forgot his password and requested for it. How do I decrypt the password.
     
    ChigbuaUmuenu, Oct 30, 2006
    #1
    1. Advertisements

  2. don't give him his current password, generate a new random pwd then have him
    reset it once he logs into the web site.

    I store my pwd the sameway in my db (SHA1) but if the use forgets the pwd, i
    take them to a 'forget password' page, have them enter in a few security
    questions they defined when they setup their ID, then send them a temp random
    password. Then when they login to the site with that pwd, i then force them
    to change it to a new one. I never give out a password a user request because
    you have no validation if that is the actual user or not.
     
    igotyourdotnet, Oct 30, 2006
    #2
    1. Advertisements

  3. ChigbuaUmuenu

    Cerebrus Guest

    Just one thing to add to what "igotyourdotnet" said:

    Hash algorithms like SHA1 are one-way algorithms, that is to say that
    you can compute a hash from a given string, but you cannot (it is
    extremely difficult) reconstitute the string back from the hash. That
    is whole purpose of the hashing. Therefore the suggestion by
    "igotyourdotnet" is perfectly valid, you will need to generate another
    password and send it to him. Then he can use it to login, and change it
    at his leisure.
     
    Cerebrus, Oct 31, 2006
    #3
  4. That's my implementation for now. i.e sending them a randomly generated
    password. However I feel that a decryption algorithm should exist for SHA1
    and still it will not loose its security features.
    May be, we should take a research on that.
     
    ChigbuaUmuenu, Nov 3, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.