views:

131

answers:

3

I'd like to implement a forgot password function for my website. I hash the passwords using sha1. How would I recover this for the user?

What's the best method for implementing this?

+19  A: 

Short answer, you can't.

You want to implement a password reset function, not a password retrieval function. The whole point of hashing passwords is that you don't get to store the user's password, and you can't recover it if it is lost.

This should give you a rough idea of how to allow users to reset forgotten passwords:

meagar
not only that he can't do it. more precise he shouldn't be able to do it. otherwise hashing would be useless by definition.
ITroubs
Darn. I should have gone for the short answer :)
Cameron Skinner
Thanks for this. So, reset the password makes sense. Thanks!
BigMike
+4  A: 

The best method is to not attempt to recover the original password. If a user loses their password then generate a new, random one and use an out-of-band method for sending it to them (e.g. email). Remember that the whole point of hashing the password is to prevent recovery.

I know, I know, email is insecure. But if you require users to immediately change the generated password then the risk is mitigated.

By the way, I cannot recommend enough that you also salt the password and iterate the hash to prevent brute-force attacks in the event that an attacker obtains the hashed value.

Cameron Skinner
+3  A: 

NO

There is no known effective way of reverting a sha1 hash to it's original text (since it's a one way function by design). If you would like to be able to show users their password at a later time, you will have to store it in a method that would be reversible (IE encryption, plaintext). This still is probably a bad idea, try to find a better way of doing it.

Kendall Hopkins
What's an ineffective way of reverting a sha1 hash? :)
George
@George Rainbow Tables will work fairly well on short simple passwords, but if the hash is salted or contains symbols, your probably not going to be able to reverse it.
Kendall Hopkins
@George - brute force :)
Ishtar
Brute force. Loop through all possible strings of text, hash each, compare to the stored hash. Running time grows exponentially with max string length. 5 characters (letters and numbers) is about the limit of practicality.
Seva Alekseyev
Thanks for submitting your retrieve password request. An email will be mailed to you with your password in approximately 35 years.
George