密码恢复:如何解密md5加密密码? [英] Password Recovery: How to decrypt an md5 encrypted password?
问题描述
可能重复:
是否可以解密md5哈希?
在我的网站上,我使用md5加密密码。所以它保存在数据库中的加密形式。为了进行密码恢复,如何解密加密密码?
In my website, I'm using md5 encryption for the password. So it's saving in the encrypted form in the database. For doing the password recovery, how can I decrypt the encrypted password ??
请帮助:)
推荐答案
如其他描述相当好,您不能轻易地解密一个MD5哈希。
As others described quite well, you cannot easily 'decrypt' an MD5 hash.
我想最好的方法来进行密码恢复是这样的:
I guess the best way to do your password recovery is like this:
-
用户可以通过提供他的电子邮件地址来请求密码恢复
(它应该是唯一的用户可以通过电子邮件地址来识别。
A user can request password recovery by providing his email address (it should be unique so users can be identified by email address).
一封电子邮件发送到他的地址,一个
链接包含一个唯一的哈希(
当您发送
电子邮件并将其保存到数据库时生成)。
an email is sent to his address with a link containing a unique hash (which you have generated when sending the email and saved it to the db).
当用户点击链接(和
当然,唯一的哈希值被检查
等于数据库中的一个)
你可以显示一个表单,让他们
选择不同的密码。
when the link is clicked by the user (and of course the unique hash is checked to be equal with the one in the db) you can show a form which lets them choose a different password.
有些人使用的另一条路线是简单地要求电子邮件地址,生成一个新的密码并发送给用户。这个问题是,只知道您的电子邮件地址的人可以请求更改密码。他不会知道新通行证,您将通过电子邮件收到通知,但仍然对用户来说非常不方便。
Another route that some people use is to simply ask for the email address, generate a new password and send it to the user. The problem with this one is that someone who knows only your email address can request a password change. He won't know the new pass, and you will get it by email, but still it is very inconvenient for the user.
这篇关于密码恢复:如何解密md5加密密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
