-2

I have recently seen that some software (such as SMF), allows you to create users directly from MYSQL, encrypting the passwords in the following way:

SHA1(CONCAT(LOWER('UserNickname'), 'UserPass'))

thus returning something "encryption". And well, I would like to implement something similar to a project, so I can have my users' passwords encrypted in the database.

But what I need help with is knowing how to "decrypt" the password. I can't think of any way

Dharman
  • 30,962
  • 25
  • 85
  • 135
Ray
  • 63
  • 1
  • 4
  • 3
    Best not to encrypt, but to hash. Ref [article](https://code-boxx.com/password-encrypt-decrypt-php/). – danblack Aug 25 '22 at 05:41
  • 4
    SHA1 is a hash, not encryption. So the only way to get the original back is to brute force it. And you don't decrypt what's in the database, you hash what the user provides and compares with what's in the database. – fredrik Aug 25 '22 at 05:42
  • 1
    ``HASHING != ENCRYPTING`` !! – OMi Shah Aug 25 '22 at 06:12

1 Answers1

0

Actually you can not decrypt this usually. Hashings are used for users securities.

To authenticate user you should follow this steps.

  1. Take user input (Password) to login Hash the password user given in
  2. login time Check / match with previously stored hashed password.
  3. If matched or checked accurate then login otherwise incorrect password.

Only we can check/ match two encrypted data. there is no decrypt function for this.

Note: Although there are some service to try decrypting the sha1 but they are not always success because they already have some big list of encrypted data in their database. If your searched data is existed in their database they can return you the decrypted data other wise returns "not found". for example: https://md5decrypt.net/en/Sha1/

This hashes are used so that if your database is hacked for information is somehow accessed by anyone users password can be safe.

MD TAREK HOSSEN
  • 129
  • 2
  • 11