from django.contrib.auth.models import User
u = User.objects.get(username='test')
u.password
u'sha1$c6755$66fc32b05c2be8acc9f75eac3d87d3a88f513802'

Is reversing this password encryption possible?

+7  A: 

No, that's the point.

If your user forgot their password, you'll have to reset it.

Robert Greiner
+8  A: 

Yes, it's possible. All you need is a few million years, and a computer the size of our solar system.

John Millikin
or Abbey from NCIS.
Robert Greiner
Or a plasmobot... http://www.sciencedaily.com/releases/2009/08/090827073256.htm =)
StingyJack
or Chloe from 24
Robert Greiner
@StingyJack +1 nice one :P
Robert Greiner
@John you are too optimistic: you should first try strings from a dictionary (more likely, you should first "test", "password", "123"...). I bet the password would come out pretty soon in most cases.
giorgian
+6  A: 

SHA-1 is a one-way hash. It cannot be reversed except by using a brute-force attack, which will take millions of years.

There are some online databases that let you reverse the hash of common words/combinations of words. However, Django adds "salt" to the password before it computes the hash, so you cannot reverse Django passwords.

That's why a hash is used. Nobody can find out your password, not even sys admins :-)

Humphrey
@Humphrey or you can just use this, which takes exactly 1 second: http://www.sha1-lookup.com/
orokusaki
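
Added example, not part of the thread or of Django's own code: how a `sha1$salt$hexdigest` value like the one in the question is checked (re-hash salt + password and compare), why the salt keeps it out of a table of plain SHA-1 digests, and how such an entry can be re-stored under PBKDF2 at the next successful login. The function names, the iteration count and the sample passwords and salts are assumptions made for this sketch; the PBKDF2 string follows the `algorithm$iterations$salt$hash` layout.

```python
import base64
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumption for this sketch; tune to your hardware


def _sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def parse_legacy(encoded):
    """Split a legacy 'sha1$salt$hexdigest' value into (salt, digest)."""
    algorithm, salt, digest = encoded.split("$", 2)
    if algorithm != "sha1":
        raise ValueError("not a legacy sha1 entry: %r" % algorithm)
    return salt, digest


def make_legacy(password, salt):
    """Legacy scheme: a single SHA-1 pass over salt + password."""
    return "sha1$%s$%s" % (salt, _sha1_hex(salt + password))


def check_legacy(password, encoded):
    """Verify by re-hashing with the stored salt; nothing is decrypted."""
    salt, digest = parse_legacy(encoded)
    return hmac.compare_digest(_sha1_hex(salt + password), digest)


def matches_unsalted_table(password, encoded):
    """True only if the stored digest equals plain SHA-1(password),
    which is the entry a precomputed lookup table would hold."""
    return hmac.compare_digest(_sha1_hex(password), parse_legacy(encoded)[1])


def upgrade_on_login(password, encoded, salt=None):
    """After a successful legacy check, re-store under PBKDF2-SHA256."""
    if not check_legacy(password, encoded):
        return None
    salt = salt or secrets.token_hex(8)
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt.encode("ascii"), PBKDF2_ITERATIONS)
    b64 = base64.b64encode(raw).decode("ascii")
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt, b64)
```

The salt only rules out precomputed tables; a single SHA-1 pass is still cheap to recompute per guess, which is why the upgrade step moves the entry to an iterated hash.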