Hi,
I am using the acts_as_authenticated plugin for my Rails application. That
plugin is using the “SHA1” algorithm to encrypt the password & store it in the
database. Now suppose in future a user requests his password through
email: how should I decrypt that password in my application & send
it through mail?
Please help me.
I have been trying this for the last 2 days, but have still not succeeded.
Thanks in advance for your help.
Prash
Prashant T. wrote:
> Thanks in advance for your help.
> Prash
SHA1 is a hash algorithm; it can’t be decrypted. In your application, a
user’s password is verified by hashing the submitted password with the SHA1
algorithm and comparing this value with the stored SHA1 hash value. It
is never decrypted. If you want to email a password to your user, set a
new one that they can optionally change after the next login.
Please also note that emailing a password is just not secure (email is
sent in clear text over the network), although it is common practice…
But so is logging in without SSL, which is also common.
–
Yannick M. http://www.inma.ucl.ac.be/~majoros
Informaticien UCL/INMA-MEMA
On 6/9/06, Yannick M. wrote:
> > Thanks in advance for your help.
> > Prash
>
> SHA1 is a hash algorithm; it can’t be decrypted. In your application, a
> user’s password is verified by hashing the submitted password with the SHA1
> algorithm and comparing this value with the stored SHA1 hash value. It
> is never decrypted. If you want to email a password to your user, set a
> new one that they can optionally change after the next login.
Or better yet, leave the password alone and generate some kind of
temporary login token that you mail them. Don’t want people resetting
others’ passwords.
Isak
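
The temporary-token approach suggested in the last reply, as an added example that is not part of the thread or of acts_as_authenticated. The `User` struct, its field names, the helper names and the 30-minute lifetime are assumptions; the new password hash is whatever the application's own hashing routine produces.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for a users table row (constructed for this example).
User = Struct.new(:email, :crypted_password, :reset_digest, :reset_expires_at)

RESET_TTL = 30 * 60 # seconds a mailed token stays valid (assumed policy)

# Constant-time comparison so timing does not reveal how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Issue a one-time token. Only its digest is stored; the raw token goes in the
# mail. The stored password hash is untouched, so someone else requesting a
# reset cannot lock the real owner out.
def issue_reset_token(user, now = Time.now)
  token = SecureRandom.urlsafe_base64(32)
  user.reset_digest = Digest::SHA256.hexdigest(token)
  user.reset_expires_at = now + RESET_TTL
  token
end

# Redeem the token: check expiry and digest, store the new password hash, and
# clear the token so it cannot be replayed.
def redeem_reset_token(user, token, new_crypted_password, now = Time.now)
  return false if user.reset_digest.nil? || now > user.reset_expires_at
  presented = Digest::SHA256.hexdigest(token.to_s)
  return false unless secure_compare(user.reset_digest, presented)
  user.crypted_password = new_crypted_password
  user.reset_digest = nil
  user.reset_expires_at = nil
  true
end
```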