检索密码时，密码存储为一个哈希值 [英] Retrieving password when the password stored as a hash value

问题描述

可按用户的要求，如果密码被存储为哈希值，他们的密码通过电子邮件发送给自己呢？

Can users request that their password be emailed to themselves if the password is stored as a hash value?

有没有什么办法散列值转换为明文值与正确的信息（安培;你需要什么样的信息）

Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)?

如果用户有存储在两个网站相同的密码的哈希值，将其密码是为这两个网站一样吗？

If a user has the same password hash value stored on two sites, would their password be the same for both sites?

推荐答案

如果你只是存储密码的哈希，则没有。 ...你应该只存储密码的正确盐渍哈希，反正

If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.

密码重置机制是正确的选择。

Password reset mechanisms are the proper alternative.

这篇关于检索密码时，密码存储为一个哈希值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！