0

How can I decrypt a password string in PHP which was encrypted with crypt?

$salt = substr($_POST['password'], 0, 2);  
$password = crypt($_POST['password'], $salt);

I need to send the original password in a forget password e-mail.

Gumbo
Srikanth Naidu
  • Passwords should be one-way hashed. When the user asks for a new password, you should send him a temporary password that he will change on next login. – Michael B. Mar 26 '10 at 15:03
  • I totally agree with Michael B, there's no need to revert the encryption (and it would be bad practice security-wise if it were possible). Just send a new random password and have the user change it after logging in. – wimvds Mar 26 '10 at 15:07
  • Well, there is no facility for the user to change his password. Here only the admin creates the username and password and sends them to the user. Still, thanks for the advice. – Srikanth Naidu Mar 26 '10 at 15:18
  • The salt should be a random value and not be forget from the value that should be hashed. – Gumbo Mar 26 '10 at 15:38

3 Answers

6

http://php.net/manual/en/function.crypt.php

crypt — One-way string hashing

There is no reverse operation for crypt. The best you can do is reset the password and send it to the user.

Andrey
2

This is probably not the answer you are looking for, but this is just a more security-wise practice.

Passwords should be one-way hashed. When the user asks for a new password, you should send him a temporary random password that he will change on next login.

Michael B.
1

1) You can use symmetric encryption instead of a hash (the crypt function is a hash); this way you would have the possibility to decrypt it.

2) Usually sites and services create a special link and mail it to the user. This link leads to a page where we can change the password. It is a safer way to store passwords.

Stepan Suvorov
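The reset-link flow the answers above recommend, as an added example that is not part of any of the posts. It uses password_hash()/password_verify() (PHP's wrapper around crypt() that generates a random salt) rather than the question's crypt() call; the function names, the in-memory arrays and the example.com URL are assumptions made for illustration.

```php
<?php
// Constructed in-memory "tables" standing in for a real database.
$users  = ['alice' => ['hash' => password_hash('old-secret', PASSWORD_DEFAULT)]];
$resets = [];   // username => ['token_hash' => ..., 'expires' => ...]

// Step 1: issue a reset link. Only a hash of the token is stored, so a
// leaked reset table does not hand out working links.
function start_reset(array &$resets, string $user, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $resets[$user] = [
        'token_hash' => hash('sha256', $token),
        'expires'    => time() + $ttl,
    ];
    // Hypothetical URL; this string is what gets mailed to the user.
    return 'https://example.com/reset.php?user=' . urlencode($user)
         . '&token=' . $token;
}

// Step 2: the user follows the link and submits a new password.
function finish_reset(array &$users, array &$resets, string $user,
                      string $token, string $newPassword): bool
{
    $entry = $resets[$user] ?? null;
    if ($entry === null || !isset($users[$user]) || $entry['expires'] < time()
        || !hash_equals($entry['token_hash'], hash('sha256', $token))) {
        return false;
    }
    unset($resets[$user]);   // single use
    // password_hash() picks a random salt itself and embeds it in the hash.
    $users[$user]['hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Login never decrypts: it re-hashes the input with the stored salt and compares.
function login(array $users, string $user, string $password): bool
{
    return isset($users[$user])
        && password_verify($password, $users[$user]['hash']);
}

$link = start_reset($resets, 'alice');
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(finish_reset($users, $resets, $q['user'], $q['token'], 'new-secret'));
var_dump(login($users, 'alice', 'new-secret'));
var_dump(login($users, 'alice', 'old-secret'));
var_dump(finish_reset($users, $resets, $q['user'], $q['token'], 'again'));
```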