Retrieving password when the password stored as a hash value

asp.net hash passwords dotnetnuke
Matt picture Matt · Jun 18, 2009 · Viewed 21.5k times · Source

Can users request that their password be emailed to themselves if the password is stored as a hash value?

Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)?

If a user has the same password hash value stored on two sites, would their password be the same for both sites?

Answer

Yoopergeek picture Yoopergeek · Jun 18, 2009

If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.

Password reset mechanisms are the proper alternative.

Related questions

What is default hash algorithm that ASP.NET membership uses?

What is default hash algorithm that ASP.NET membership uses? And how can I change it?

Read More
ASP.NET membership salt?

How does ASP.NET membership generate their salt key and then how do they encode it (that is, is it salt + password or password + salt)? I am using SHA-1 with my membership, but I would like to recreate the same …

Read More
How to create a asp.net membership provider hashed password manually?

I'm using a website as a frontend and all users are authenticated with the standard ASP.NET Membership-Provider. Passwords are saved "hashed" within a SQL-Database. Now I want to write a desktop-client with administrative functions. Among other things there should …

Read More