[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1445
  • Last Modified:

Is there anyway to un-hash hashed passwords?

I'm using the coldfusion function #HASH# to hash passwords on insert into my MySQL 5 database.  There isn't really any need to do this so now I'm wanting to un-hash the many hashed passwords I have in my database.  Is there any way to do this without having my users reset all their passwords?  
0
MFredin
Asked:
MFredin
1 Solution
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
no. hashing is not reversible
0
 
Cornelia YoderArtistCommented:
There is one thing you can do to help ....

Just code your login routine to do the following:

When a user logs in and gives a password, hash it and then compare the database value to both the hashed and unhashed versions.  If the unhashed matches, all is well.   If the hashed version matches, change the value in the database to the unhashed one.

Over time, you will get most of them changed.
0
 
MFredinAuthor Commented:
Thank you yodercm, thats a great idea!
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
Cornelia YoderArtistCommented:
You're welcome.  No need to worry about points, but in the future, you might want to wait a bit before you accept the "it can't be done" type of answer :)
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
Indeed, a very useful suggestion!
0
 
brian-jgCommented:
It's bad practice to ever store an unhashed password, ever! You shouldn't need to have to ever do this.

But you can always try something called a Rainbow Table, which stores the association between words and their hash, often for Gigs of hash values.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now