MFredin
asked on
Is there anyway to un-hash hashed passwords?
I'm using the coldfusion function #HASH# to hash passwords on insert into my MySQL 5 database. There isn't really any need to do this so now I'm wanting to un-hash the many hashed passwords I have in my database. Is there any way to do this without having my users reset all their passwords?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you yodercm, thats a great idea!
You're welcome. No need to worry about points, but in the future, you might want to wait a bit before you accept the "it can't be done" type of answer :)
Indeed, a very useful suggestion!
It's bad practice to ever store an unhashed password, ever! You shouldn't need to have to ever do this.
But you can always try something called a Rainbow Table, which stores the association between words and their hash, often for Gigs of hash values.
But you can always try something called a Rainbow Table, which stores the association between words and their hash, often for Gigs of hash values.
Just code your login routine to do the following:
When a user logs in and gives a password, hash it and then compare the database value to both the hashed and unhashed versions. If the unhashed matches, all is well. If the hashed version matches, change the value in the database to the unhashed one.
Over time, you will get most of them changed.