How to decrypt a password for recovery with php

Question

I have a website that people can sign up for and sign in to. I would like to implement a password recovery system that sends you the decrypted password. When the user signs up, the password is salted with the users unique username, peppered with a secret key, and then hashed with SHA256.

Is there any way that I could do this if I know the secret key, the users username, the hashed result, and the encryption method?

You _cannot_ decrypt a hashed password. It doesn't work that way. Hashing != encryption. — forest, Apr 23 '18 at 01:32
So what would I have to do to 'dehash' the password, make up my own brute force system? — DMVerfurth, Apr 23 '18 at 01:33
Correct. You would have to iteratively test every possible password. — forest, Apr 23 '18 at 01:34
Yup. Hashes are designed to be one-way. You cannot and should not try to reverse them. A password recovery feature should set and send out a _new_ password, never the original one. — forest, Apr 23 '18 at 01:36
Yea, I thought about that, I just needed to check if there was any way to reverse a hash, I couldn't figure it out so I thought of security.stackexchange.com. — DMVerfurth, Apr 23 '18 at 01:37
Remember, if you can reverse the password, so can a hacker who has access to your server. — forest, Apr 23 '18 at 01:38
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/76416/discussion-between-dmverfurth-and-forest). — DMVerfurth, Apr 23 '18 at 01:40
I'm not sure if you're really going to implement this, but just in case, SHA256 is definitely inadequate security for password hashing. And using username for salt is also inadequate. PHP comes with password hash functions. Use them, they get it right. — Neil Smithline, Apr 23 '18 at 03:16
I don't think a question about password recovery can be a duplicate of a question about password hashing. — Anders, Apr 23 '18 at 11:50

score 8 · Accepted Answer · answered Apr 23 '18 at 07:39

You are asking us for the best way to shoot yourself in the foot. As Peter Harmann says, there is absolutely no legitimate reason to do password recovery by decrypting and emailing passwords. If you can decrypt the passwords, an attacker could potentially do the same. The whole point of password hashing is to avoid that! Additionally, email is not a very safe medium so littering peoples inboxes with passwords is not good practice.

So what to do instead? The traditional way to do password recovery is to email a password reset link to the user. The link contains a securely random, long token connected to the user. This token allows the person clicking the link to change the password once. Note that the token should expire within some reasonable time. If you want to learn more, Troy Hunt has a nice article on it.

While you are at it, there are some important things you need to do to improve your password hashing:

Most importantly, and this is a major deal, do not use a single round of SHA-256. This is not nearly good enough. You need to use a slow algorithm, like bcrypt or similar. See this question.
It is better to use a random salt than to use the username. This isn't as important as the above point, but it's still good practice.

score 3 · Answer 2 · answered Apr 23 '18 at 06:19

Hash by definition is one-way. It is not encryption and therefore can NOT be decrypted. This is by design and you should NEVER send user password using mail. Just don't. Whatever reason you think you have, it is not good enough. If the password can be de-hashed, it means your system is broken.

score 0 · Answer 3 · answered Apr 23 '18 at 09:13

You can for sure try to crack the hashes. This is a slow and inefficient process if you don’t have the hardware for it, and there’s no guarantee it will succeed. As other users have already mentioned, if the password is decryptable, then the system is broken. What I’d recommend doing is generating a new password and THEN emailing it to the user, but that’s just my two cents.

How to decrypt a password for recovery with php

3 Answers3