Undoing a SHA1


#1

Hello for my password recovery system I want to recover the users
password and send it to them. In the DB its saved via SHA1 (login
generator)


#2

I may be wrong on this but I believe that SHA1 is (for the most part)
unrecoverable. I would suggest that you create a random password
generator… change the password and email it to the user.


#3

any one know what the code for generating a random password would be?


#4

On 5/12/06, Mohammad removed_email_address@domain.invalid wrote:

any one know what the code for generating a random password would be?

something along the lines of

pwlen = rand(6)+3
pw = (0…pwlen).map { rand(96)+32 }.join(’’)

martin


#5

On May 11, 2006, at 1:59 PM, Martin DeMello wrote:

On 5/12/06, Mohammad removed_email_address@domain.invalid wrote:

any one know what the code for generating a random password would be?

something along the lines of

pwlen = rand(6)+3
pw = (0…pwlen).map { rand(96)+32 }.join(’’)

Nice, but doesn’t work, missing character conversion.

Array.new(rand(6).to_i+3) { (rand(96).to_i+32).chr }.join(’’)


#6

Try this:

def random_string(len)
code_array=[]
chars = (‘a’…‘z’).to_a - [‘a’,‘e’,‘i’,‘o’,‘u’]
1.upto(len) {code_array << chars[rand(chars.length)]}
code_array
end

Rodrigo D.

Iplan Networks Datos Personales
removed_email_address@domain.invalid removed_email_address@domain.invalid
www.iplan.com.ar www.rorra.com.ar
5031-6303 15-5695-6027

-----Mensaje original-----
De: removed_email_address@domain.invalid
[mailto:removed_email_address@domain.invalid] En nombre de Mohammad
Enviado el: Jueves, 11 de Mayo de 2006 05:55 p.m.
Para: removed_email_address@domain.invalid
Asunto: [Rails] Re: Undoing a SHA1

any one know what the code for generating a random password would be?


Posted via http://www.ruby-forum.com/.


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


#7

On 5/12/06, Tom M. removed_email_address@domain.invalid wrote:

Nice, but doesn’t work, missing character conversion.
oops - yes, that’ll teach me not to type code straight into the browser
window

Array.new(rand(6).to_i+3) { (rand(96).to_i+32).chr }.join(’’)

You don’t need the to_i - rand returns an integer if given a nonzero
argument. From ri:

------------------------------------------------------------ Kernel#rand
rand(max=0) => number

 Converts max to an integer using max1 = max.to_i.abs. If the
 result is zero, returns a pseudorandom floating point number
 greater than or equal to 0.0 and less than 1.0. Otherwise, returns
 a pseudorandom integer greater than or equal to zero and less than
 max1.

martin


#8

Try this:
[Array.new(6){rand(256).chr}.join].pack(“m”)[0…7]


#9

On May 11, 2006, at 4:05 PM, Martin DeMello wrote:

pw = (0…pwlen).map { rand(96)+32 }.join(’’)

Nice, but doesn’t work, missing character conversion.

oops - yes, that’ll teach me not to type code straight into the
browser window

Array.new(rand(6).to_i+3) { (rand(96).to_i+32).chr }.join(’’)

You don’t need the to_i - rand returns an integer if given a nonzero
argument. From ri:

Cool. Thanks for the tip!


– Tom M.


#10

“Brian” == Brian H. removed_email_address@domain.invalid writes:

I may be wrong on this but I believe that SHA1 is (for the most part)
unrecoverable.

SHA-1 is a hashing algorithm. This means that it’s designed not to
be reversible. While weaknesses in the algorithm have been found in
the past couple of years, finding data that hashes to a specific given
hash is still in the extremely serious supercomputer range (as in
unless your machine does lots of teraflops and you have months to
spend, don’t even dream about it).

	     Calle D. <removed_email_address@domain.invalid>
	 http://www.livejournal.com/users/cdybedahl/
 "And don't try to tell us there is no way to go but up, because the
  truth is, there is *always* more down." -- Gunn, Angel: the Series