Is there anyway to un-hash hashed passwords?

Posted on 2009-12-20
Last Modified: 2012-05-08
I'm using the coldfusion function #HASH# to hash passwords on insert into my MySQL 5 database.  There isn't really any need to do this so now I'm wanting to un-hash the many hashed passwords I have in my database.  Is there any way to do this without having my users reset all their passwords?  
Question by:MFredin
    LVL 142

    Accepted Solution

    no. hashing is not reversible
    LVL 27

    Expert Comment

    There is one thing you can do to help ....

    Just code your login routine to do the following:

    When a user logs in and gives a password, hash it and then compare the database value to both the hashed and unhashed versions.  If the unhashed matches, all is well.   If the hashed version matches, change the value in the database to the unhashed one.

    Over time, you will get most of them changed.

    Author Comment

    Thank you yodercm, thats a great idea!
    LVL 27

    Expert Comment

    You're welcome.  No need to worry about points, but in the future, you might want to wait a bit before you accept the "it can't be done" type of answer :)
    LVL 142

    Expert Comment

    by:Guy Hengel [angelIII / a3]
    Indeed, a very useful suggestion!
    LVL 2

    Expert Comment

    It's bad practice to ever store an unhashed password, ever! You shouldn't need to have to ever do this.

    But you can always try something called a Rainbow Table, which stores the association between words and their hash, often for Gigs of hash values.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    As a database administrator, you may need to audit your table(s) to determine whether the data types are optimal for your real-world data needs.  This Article is intended to be a resource for such a task. Preface The other day, I was involved …
    Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL ( several years ago, it seemed like now was a good time to updat…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now