密码恢复:如何解密md5加密密码? [英] Password Recovery: How to decrypt an md5 encrypted password?
问题描述
可能重复:
是否可以解密md5哈希?
在我的网站,我使用md5加密的密码。所以它以加密形式保存在数据库中。为了进行密码恢复,我如何解密加密的密码?
In my website, I'm using md5 encryption for the password. So it's saving in the encrypted form in the database. For doing the password recovery, how can I decrypt the encrypted password ??
请帮助:)
推荐答案
由于其他人描述得很好,你不能轻易地解密MD5哈希。
As others described quite well, you cannot easily 'decrypt' an MD5 hash.
我想最好的方法来做你的密码恢复是这样的:
I guess the best way to do your password recovery is like this:
-
用户可以通过提供他的电子邮件地址来请求密码恢复
A user can request password recovery by providing his email address (it should be unique so users can be identified by email address).
电子邮件会通过
链接发送到他的地址,该链接包含唯一的哈希值
an email is sent to his address with a link containing a unique hash (which you have generated when sending the email and saved it to the db).
当用户点击链接时,您发送
电子邮件并生成了
$ b当然唯一的哈希被检查
等于db中的那个)
你可以显示一个窗体,让他们
选择不同的密码。
when the link is clicked by the user (and of course the unique hash is checked to be equal with the one in the db) you can show a form which lets them choose a different password.
某些人使用的另一种途径是简单地请求电子邮件地址,生成新密码并将其发送给用户。这个问题是,只知道您的电子邮件地址的人可以请求更改密码。他不会知道新的通行证,你会通过电子邮件,但仍然是非常不方便的用户。
Another route that some people use is to simply ask for the email address, generate a new password and send it to the user. The problem with this one is that someone who knows only your email address can request a password change. He won't know the new pass, and you will get it by email, but still it is very inconvenient for the user.
这篇关于密码恢复:如何解密md5加密密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
