Password recovery with sha1 password hashing

Question

I'd like to implement a forgot password function for my website. I hash the passwords using sha1. How would I recover this for the user?

What's the best method for implementing this?

dupe: http://stackoverflow.com/questions/3615408/php-dehashing-the-password among others — Anon, Oct 26 '10 at 17:16
possible duplicate of [PHP:How to send the original password to the user when he clicks forgot password which is encrypted by using md5?](http://stackoverflow.com/questions/2780198/phphow-to-send-the-original-password-to-the-user-when-he-clicks-forgot-password) — user229044, Oct 26 '10 at 17:23

score 30 · Accepted Answer · edited May 23 '17 at 10:29

30

Short answer, you can't.

You want to implement a password reset function, not a password retrieval function. The whole point of hashing passwords is that you don't get to store the user's password, and you can't recover it if it is lost.

This should give you a rough idea of how to allow users to reset forgotten passwords:

edited May 23 '17 at 10:29

Community

1
1

answered Oct 26 '10 at 17:15

user229044

232,980
40
330
338

6

not only that he can't do it. more precise he shouldn't be able to do it. otherwise hashing would be useless by definition. – ITroubs Oct 26 '10 at 17:17
2

Darn. I should have gone for the short answer :) – Cameron Skinner Oct 26 '10 at 17:18
Thanks for this. So, reset the password makes sense. Thanks! – BigMike Oct 26 '10 at 22:55

Cameron Skinner · Answer 2 · 2010-10-26T23:41:27.557

The best method is to not attempt to recover the original password. If a user loses their password then generate a new, random one and use an out-of-band method for sending it to them (e.g. email). Remember that the whole point of hashing the password is to prevent recovery.

I know, I know, email is insecure. But if you require users to immediately change the generated password then the risk is mitigated.

By the way, I cannot recommend enough that you also salt the password and iterate the hash to prevent brute-force attacks in the event that an attacker obtains the hashed value.

score 3 · Answer 3 · edited May 23 '17 at 12:10

3

NO

There is no known effective way of reverting a sha1 hash to it's original text (since it's a one way function by design). If you would like to be able to show users their password at a later time, you will have to store it in a method that would be reversible (IE encryption, plaintext). This still is probably a bad idea, try to find a better way of doing it.

edited May 23 '17 at 12:10

Community

1
1

answered Oct 26 '10 at 17:18

Kendall Hopkins

43,213
17
66
89

What's an ineffective way of reverting a sha1 hash? :) – George Johnston Oct 26 '10 at 17:22
@George Rainbow Tables will work fairly well on short simple passwords, but if the hash is salted or contains symbols, your probably not going to be able to reverse it. – Kendall Hopkins Oct 26 '10 at 17:23
1

Brute force. Loop through all possible strings of text, hash each, compare to the stored hash. Running time grows exponentially with max string length. 5 characters (letters and numbers) is about the limit of practicality. – Seva Alekseyev Oct 26 '10 at 17:26
3

Thanks for submitting your retrieve password request. An email will be mailed to you with your password in approximately 35 years. – George Johnston Oct 26 '10 at 17:27

Password recovery with sha1 password hashing

3 Answers3