检索密码时,密码存储为一个哈希值 [英] Retrieving password when the password stored as a hash value
问题描述
可按用户的要求,如果密码被存储为哈希值,他们的密码通过电子邮件发送给自己呢?
Can users request that their password be emailed to themselves if the password is stored as a hash value?
有没有什么办法散列值转换为明文值与正确的信息(安培;你需要什么样的信息)
Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)?
如果用户有存储在两个网站相同的密码的哈希值,将其密码是为这两个网站一样吗?
If a user has the same password hash value stored on two sites, would their password be the same for both sites?
推荐答案
如果你只是存储密码的哈希,则没有。 ...你应该只存储密码的正确盐渍哈希,反正
If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.
密码重置机制是正确的选择。
Password reset mechanisms are the proper alternative.
这篇关于检索密码时,密码存储为一个哈希值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!