Hash question

Report · Apr 17, 2006

I know you can hash text, etc. Is there anyway for CF un unhash something?

What I'm doing is taking a users password, hashing it and storing it to
the database.

Another process that runs later pulls that db entry, and sends info to
the user, based on certain criteria.....

I don't really want to add a field to the db to store a plain text
version of the password (seems a little strange to do that and then to
hash it as well)

Anyone????

Report · Apr 17, 2006

as far as i know... there is no way to reverse the hashing of the string. One thing you might wanna do is build a way for a password to be reset if the user fogets their password.

Report · Apr 17, 2006

I'm doing that too, but I still need to be able to send the user their
username and password that the system asigns to them when they first
sign up..........

patb96 wrote:
> as far as i know... there is no way to reverse the hashing of the string. One thing you might wanna do is build a way for a password to be reset if the user fogets their password.

Report · Apr 17, 2006

You should encrypt passwords in the database - you can decrypt them as required as long as you use some universal method for the "key" that you can apply to everyone on your site. The trick is the key and making sure it is something that never changes, but is different for everyone and can be stored without giving away what it might be PLUS having the key work with the algorithm you decide to use.

encrypt(string, key[, algorithm[, encoding]]))

decrypt(encrypted_string, key[, algorithm[, encoding]])

Some databases (i.e. MS SQL) can also be setup to automatically encrypt certain columns as well, taking the burden away from the CF developer, but most hosters won't give you access to that type of functionality.

Report · Apr 18, 2006

Is there anyway for CF un unhash something?
That is as philosophical as asking if there is a way to find something special you've hidden in a place where nobody, but you, can find it. The answer is, of course, no.

Follow SafariTECH's suggestion. Here's a working example of it.

Report · Apr 18, 2006

If you could reverse a hash it wouldn't make sense because then someone could simply use a function on your database to un-hash it defeating the whole point of hiding it in the first place.

I'm not sure of other methods but you could on the registration proccess send the variable "form.password" (or whatever you named it) through the cfmail tag THEN hash the password within the SQL itself.