from django.contrib.auth.models import User u = User.objects.get(username='test') user.password u'sha1$c6755$66fc32b05c2be8acc9f75eac3d87d3a88f513802
Is reversing this password encryption possible?
views:
464answers:
3
+7
A:
No, that's the point.
If your user forgot their password, you'll have to reset it.
Robert Greiner
2009-08-31 19:46:04
+8
A:
Yes, it's possible. All you need is a few million years, and a computer the size of our solar system.
John Millikin
2009-08-31 19:47:56
or Abbey from NCIS.
Robert Greiner
2009-08-31 19:48:51
Or a plasmobot... http://www.sciencedaily.com/releases/2009/08/090827073256.htm =)
StingyJack
2009-08-31 19:49:42
or Chloe from 24
Robert Greiner
2009-08-31 19:49:45
@StingyJack +1 nice one :P
Robert Greiner
2009-08-31 19:50:19
@John you are too optimistic: you should first try strings from a dictionary (more likely, you should first "test", "password", "123"...). I bet the password would come out pretty soon in most cases.
giorgian
2009-08-31 19:56:06
+6
A:
Sha-1 is a one-way hash. It cannot be reversed except for using a brute force attack which will take millions of years.
There are some online databases that let you reverse the hash of common words/conbinations of words. However, django adds "salt" to the password before it computes the hash, so you cannot reverse django passwords.
That's why a hash is used. Nobody can find out your password, not even sys admins :-)
Humphrey
2009-09-01 02:29:07
@Humphrey or you can just use this, which takes exactly 1 second: http://www.sha1-lookup.com/
orokusaki
2010-02-19 04:41:50