当密码存储为哈希值时检索密码 [英] Retrieving password when the password stored as a hash value

问题描述

Can users request that their password be emailed to themselves if the password is stored as a hash value?

Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)?

If a user has the same password hash value stored on two sites, would their password be the same for both sites?

解决方案

If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.

Password reset mechanisms are the proper alternative.

这篇关于当密码存储为哈希值时检索密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！