symfony
e-hot, 2015-09-09 19:01:10

How to decode a hashed password (password_hash()) in Symfony 2?

Greetings, everyone.
Please help me sort out this situation:
1. Registration, authorization and authentication on the site: everything works.
2. There is working functionality which, when data changes (login, password, etc.), sends the updated user data to the admin's mail, but I can't figure out how to extract the original password from the password hashed with password_hash( $self->getPassword(), PASSWORD_BCRYPT, array ( 'cost' => 12 ) ).
If anyone knows, please tell me. Thank you.


3 answer(s)
Alexey Pavlov, 2015-09-09
@lexxpavlov

No way. The point of the hash is that it is impossible to get the original password from it.
Even brute force will not help you if your password length is more than 3-5 characters.
If you need the password itself, then there is only one way to get it: use it at the moment it is received from the user, that is, send it to the admin / user in the same request in which the password is regenerated.
And if the password is needed later (for example, for the password recovery function), then this will not work; the password must be created anew.

jaxel, 2015-09-09
@jaxel

If you have such a need, then you are doing something wrong. This algorithm was invented for this purpose, so that it could not be decoded.
And you don't need to store the password in clear text. The database will be taken away from you, and the attacker will have access to all the accounts of all your users, since many use the same login and password for all services.
Because of such craftsmen, one has to have separate passwords for dubious shit sites.

Sergey Protko, 2015-09-09
@Fesor

hashed password

No way; you can only find a collision by brute force, which in the case of BCRYPT will take a very long time.
What you need to do is remember the original password before hashing. And that's all. And it would be better to arrange things so that it is not sent anywhere.
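
The point made in the answers above, as an added example that is not part of any post in this thread: a bcrypt hash from password_hash() can only be checked with password_verify(), never decoded, and a change notice to the admin can report that the password changed without carrying it. The function name changeNotice, the field names and all sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values; changeNotice() and the field names are hypothetical.
$options = ['cost' => 12];
$plain   = 'correct horse battery staple';

// bcrypt embeds a fresh random salt in every hash, so hashing the same
// password twice gives two different strings. There is no inverse function.
$hashA = password_hash($plain, PASSWORD_BCRYPT, $options);
$hashB = password_hash($plain, PASSWORD_BCRYPT, $options);
var_dump($hashA === $hashB);

// The only supported operation is checking a candidate against a stored hash.
var_dump(password_verify($plain, $hashA));
var_dump(password_verify('wrong guess', $hashA));

// The hash string records algorithm and cost, so a later login can detect
// that the stored hash is weaker than the current policy and re-hash it.
var_dump(password_get_info($hashA)['options']);
var_dump(password_needs_rehash($hashA, PASSWORD_BCRYPT, ['cost' => 13]));

/**
 * Build the admin notice for a profile change. Ordinary fields are shown as
 * "old -> new"; for the password only the fact of the change is reported,
 * so neither the plaintext nor the hash leaves the application.
 */
function changeNotice(array $old, array $new): string
{
    $lines = [];
    foreach ($new as $field => $value) {
        if (($old[$field] ?? null) === $value) {
            continue; // unchanged field, nothing to report
        }
        $lines[] = $field === 'password'
            ? 'password: changed'
            : sprintf('%s: %s -> %s', $field, $old[$field] ?? '(none)', $value);
    }
    return implode("\n", $lines);
}

$old = ['login' => 'alice',  'email' => 'alice@example.test', 'password' => $hashA];
$new = ['login' => 'alice2', 'email' => 'alice@example.test', 'password' => $hashB];
echo changeNotice($old, $new), "\n";
```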
