
Is it Possible to Decrypt customers' passwords?



It is encrypted by a salted md5 hash.

I think you are missing the point. If a store ever did that to me, I would never buy a product from them again. You are un-encrypting their passwords which they more than likely use for other services.


mani313, what you're asking is practically unfeasible.

Hash functions/algorithms like MD5 produce a fixed length output, regardless of the input's length. In other words, the length of a hashed password string gives no indication for the length of the original password string. Not to mention the "lossy" factor (original input data is lost).

These kinds of checks should be done before a password is created or updated in the database, not after. Ideally, with a combination of some appropriate client-side JS scripts and server-side PHP scripts.

Edited by parsifal (see edit history)

It is encrypted by a salted md5 hash.

I think you are missing the point. If a store ever did that to me, I would never buy a product from them again. You are un-encrypting their passwords which they more than likely use for other services.

Yes, of course! The actual need for decrypting is to make the security more powerful.

We want to make sure all customers have a six-digit password, so we should send an alert to them to secure their password (only those who have less than six digits).

So how do I get this resolved?

Thanks in advance :)

Edited by mani313 (see edit history)

The only practical way I see is:

1. Enforce a password min. length prerequisite from now on (at the end of my previous post, I hinted at this)

2. Send a message to all your existing customers about the need to update their password, if they have one that does not meet the prerequisite

If you don't mind a more aggressive approach, you could additionally require a password change upon next login for all customers with passwords that don't meet the min. length.

Edited by parsifal (see edit history)

The only practical way I see is:

1. Enforce a password min. length prerequisite from now on (at the end of my previous post, I hinted at this)

2. Send a message to all your existing customers about the need to update their password, if they have one that does not meet the prerequisite

If you don't mind a more aggressive approach, you could additionally require a password change upon next login for all customers with passwords that don't meet the min. length.

Okay, thanks parsifal. The last suggestion is good for me.

Is it possible to check the length of a successful password (i.e., the correctly entered password) before or after login?

Thanks in advance

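One way to do the check asked about in the last post, as an added example that is not part of the original thread: the stored hash says nothing about length, so the length is measured at the moment a login succeeds, while the submitted plaintext is still in memory, and the account is then flagged for a forced change. The record layout, the function names and the `md5(salt . password)` construction are assumptions, and the customer records are constructed sample data.

```php
<?php
// Added example. Record layout, names and md5(salt . password) are assumptions.
const MIN_PASSWORD_LENGTH = 6;

// Constructed sample records standing in for the customer table.
function sampleCustomers(): array
{
    $salt = 'constructed-salt';
    return [
        'short@example.com' => ['salt' => $salt, 'hash' => md5($salt . 'abc12'),     'must_change' => false],
        'long@example.com'  => ['salt' => $salt, 'hash' => md5($salt . 'abc123xyz'), 'must_change' => false],
    ];
}

/**
 * Verify a login attempt. Returns 'denied', 'ok' or 'change_required'.
 */
function login(array &$customers, string $email, string $password): string
{
    if (!isset($customers[$email])) {
        return 'denied';
    }
    $c = &$customers[$email];

    // Recompute the salted hash and compare in constant time.
    if (!hash_equals($c['hash'], md5($c['salt'] . $password))) {
        return 'denied';
    }

    // Only here is the plaintext known to be the real password.
    // Measure it, store just the flag, never the password or its length.
    // strlen() counts bytes; use mb_strlen() to count characters if mbstring is loaded.
    if (strlen($password) < MIN_PASSWORD_LENGTH) {
        $c['must_change'] = true;
    }

    // The caller redirects 'change_required' sessions to the password form,
    // which enforces MIN_PASSWORD_LENGTH before the new hash is stored.
    return $c['must_change'] ? 'change_required' : 'ok';
}

$customers = sampleCustomers();
$attempts = [['short@example.com', 'abc12'], ['long@example.com', 'abc123xyz'], ['long@example.com', 'wrong']];
foreach ($attempts as [$email, $password]) {
    echo $email, ' => ', login($customers, $email, $password), PHP_EOL;
}
```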
