Is it possible to decode passwords from BCrypt?

O

Orkhan Hasanli2018-11-07 04:11:27

Java

Orkhan Hasanli, 2018-11-07 04:11:27

During registration, the password is encoded (BCryptPasswordEncoder) and stored as a hash in the database. If the password is updated, then I compare 2 hashes and update them if they do not match.
Now, a slightly different story - the database stores the login and password for accessing sites. I also encode them in BCrypt. BUT! I need to get them from the database and pass them as a parameter when working with the REST API. Accordingly, is it possible to decode this data? Or will I have to connect another encoder / decoder with the ability to set my own "salts" and if so, which one is better for this?
Thanks in advance
PS
Code I am using for hash comparison

Look

BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();  
encoder.matches(password, user.getPassword());

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

DevMan, 2018-11-07
@azerphoenix

hashes are not supposed to be reversible, you need encryption.
in addition, many apis allow you to generate a token for access with limited functionality.