Patan

Reputation: 17893

convert passwordhash to password in JDBC

I am querying my database to get password. But I am getting passwordhash. Is there any way to convert it to string?

SELECT passwordhash FROM userTable WHERE userID = 21600

I don't have any field with password.

Please let me know.

Thanks.

Upvotes: 0

Views: 221

Answers (3)

Bastien Jansen

Reputation: 8846

If it really is a hash, then the algorithm is one-way only; you can't get the original password back, except using rainbow tables or some brute-force tool.

Upvotes: 1

Jon Skeet

Reputation: 1502825

> I am querying my database to get password.

Then either you're going to fail or your system is insecure. You shouldn't be storing a password in a reversible form.

> But I am getting passwordhash.

Good! That suggests the system was designed securely.

The whole point of storing a password hash is to avoid storing the password itself in any form which can be reversed.

If someone hacks your system and gets all your private keys, I don't want them to be able to find out my password. If they just have the hash - and if the hashing algorithm has been chosen appropriately - then they shouldn't be able to get back to the original password from the hash, in a reasonable amount of time.

Equally it stops anyone trusted in your system from knowing the password, too. Bear in mind that people (unfortunately) reuse passwords. Company X doesn't want someone at company Y logging in as one of their users, due to the password having been stored insecurely. (Unfortunately, too many places do store and even email plaintext passwords - but it should be discouraged.)

Fundamentally, you should be taking a step back - think about why you're trying to get the password, and what alternative approach you can take that doesn't require it. Changing the system so that you can get at a user's plaintext password should not be considered a viable option.

Upvotes: 5

Marko Topolnik

Reputation: 200236

If there was a way, that would mean that a broken hashing algorithm was in use. In other words, no, there is no way to go back from the hash to the original password.

The point is to generate a hash from the entered password, using the same algorithm, and compare it with the hash from the database. That way you can authenticate without compromising password security by storing them in the database.

Upvotes: 7
