Retrieving password when the password stored as a hash value

前端 未结 8 921
遥遥无期
遥遥无期 2021-01-05 14:15

Can users request that their password be emailed to themselves if the password is stored as a hash value?

Is there any way to convert a hash value to the clear text

8条回答
  •  天涯浪人
    2021-01-05 14:30

    There is no way to reverse the commonly used hashes. They can be bruteforced (trying every single possible password) or you can use a wordlist (using a list of commonly used passwords) in combination to brute force to speed it up some, but it is still a very slow and CPU intensive process.

    The best way, which many sites use, it to create a "Password Reset" button where you enter your username and email, and if they match, it sends you a random password and gives you a link to the login page and you can login with your random password and change your password.

自定义标题
段落格式
字体
字号
代码语言
提交回复
热议问题