The trouble is that the password is hashed using the md5() function. Is it possible to reverse it back to readable form, so that I can send it back to the user's email address?
Hi nettrinity,
I don’t believe this is possible - the whole point of hashing would be lost if it were that easy to reverse it! The best thing to do is generate a new one, in my opinion.
It’s not possible at all. Using md5 is a great way to stop people being able to decode users’ passwords from a compromised database. The best thing to do is generate a new one for them, such as
$hashedTime = md5(time());
, select between 5-10 characters from that
$new_password = substr($hashedTime, 0, 6);
, encode it again to store in the database and send it out to the user, giving the option to change it to something more memorable.
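The reset step described in the reply above, as an added example (not part of the original post) that draws the temporary password from PHP's CSPRNG rather than the clock and stores it with `password_hash()` instead of a bare `md5()`. The function names and the alphabet are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Alphabet without look-alike characters (0/O, 1/l/I) so users can retype it.
const TEMP_ALPHABET = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

/** The clock-based approach from the thread: same second in, same value out. */
function clockTempPassword(int $now): string
{
    return substr(md5((string) $now), 0, 6);
}

/** Temporary password built from the OS CSPRNG via random_int(). */
function generateTempPassword(int $length = 12): string
{
    if ($length < 10) {
        throw new InvalidArgumentException('temporary password too short');
    }
    $max = strlen(TEMP_ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= TEMP_ALPHABET[random_int(0, $max)];
    }
    return $out;
}

/** Returns [plaintext to e-mail once, hash to store in the database]. */
function issueTempPassword(): array
{
    $plain = generateTempPassword();
    // password_hash() adds a per-password salt and uses a slow algorithm.
    return [$plain, password_hash($plain, PASSWORD_DEFAULT)];
}

/** Login check against the stored hash. */
function checkPassword(string $candidate, string $storedHash): bool
{
    return password_verify($candidate, $storedHash);
}

// Demonstration with a constructed timestamp; no database or mailer involved.
$t = 1700000000;
var_dump(clockTempPassword($t) === clockTempPassword($t)); // depends only on the time
[$plain, $hash] = issueTempPassword();
var_dump(checkPassword($plain, $hash));                    // the issued password
var_dump(checkPassword(clockTempPassword($t), $hash));     // an unrelated value
```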
Thanks a lot!
I tried many websites, including the Yii forum and PayPal. Your way is the standard practice. But I don’t understand why… What are the risks if I send the user's password back to their email account?
And I do see some other websites that can send my password back in clear text.
Regards,
Nicolas Xu
There are 2 kinds of risk:
[list=1]
[*]If somebody hacks the database he can read all passwords, and most people use the same password on many websites. If the password is hashed then it’s not possible to steal it.
[*]If PayPal sends your password to your email address and somebody hacks your email account (steals your PC, or you leave your session open in an internet café, or he phishes your email account password, etc…) then he could get all your passwords because most people never delete their old emails.
[/list]
Thanks a lot!