Hi,
I am saving the password in the database using SHA-1 encyption. On forgetting the password i have to email the user his old password. But i am not able to decrypt the password saved in the database. Can anybody help me in creating a decryption code in java for the same. looking fwd for quick replies
Thanks
Rahul

Normally, in this situation, you create a new password and send that to the user (and, usually, you only allow that generated password to be used once and force the user to set a new one upon using it).

Normally, in this situation, you create a new password and send that to the user (and, usually, you only allow that generated password to be used once and force the user to set a new one upon using it).

Thanks but the client requirement is to email the user with their previous password only

Thanks for your reply, can you provide me some documentation that can help me to convince the client

It can still be done, but you can't use a hashing algorithm. The password will have to be encrypted (not hashed), using some other encrytion format and some sort of key will be needed. These sort of method is, normally, not as secure, though.

If you need some sort of documentation, then google for the SHA-1 specs and see what they say about decryption, or simply google for general information about hashing algorithms, of which SHA is one (SHA stands for secure hash algorithm, BTW).

This article has been dead for over six months. Start a new discussion instead.