I am developing a website which encrypts every user's password with sha1() method and is stored in the database.
Now the problem is I want to offer a recover password function for my users. but i dont know how to get the password from the salted string

Help me!!!

Member Avatar for Rhyan

You can't.
SHA is one-way encoding mechanism. So in order to verify a password, the verification string has to be encoded using the same key as it has been initially encoded upon inserting into the database.

You have to choose another method of encoding, which provides decoding as well.

However, i think that you better provide password recovery either by sending a link to the customer's email where he can follow it and change the password, or generate a random string and send it to the customer in an e-mail as a default password.

The SHA hashing mechanism is secure enough, so i don't suggest you going for change of the encoding mechanism.

I am developing a website which encrypts every user's password with sha1() method and is stored in the database.
Now the problem is I want to offer a recover password function for my users. but i dont know how to get the password from the salted string

Help me!!!

The whole reason you should use SHA-1 for storing passwords is that the original password cannot be retrieved by anyone including your application. So you can't offer a password recovery, only a means to change your password after you have verified that you own the account. (like mentioned above by Rhyan).

Storing passwords in a way that they can be decrypted is useless since you would have to store the key where your application can retrieve it. Thus if your application is compromised, all the passwords will be as good as stored in plain text.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.