Decryption of password encrypted using PASSWORD() function of mysql

Question

I am usingPASSWORD()function of SQL for encrypting passwords . Now i am searching for a way to get the password if someone forget his/her password.

$user = "select * from users where email='$email' and password='PASSWORD($pass)'";

Thanks

Answer 1

PASSWORD() is a hashing method and therefor it can't be decrypted to the orginal string http://dev.mysql.com/doc/refman/5.1/en/password-hashing.html

So the answer to your question

If you want to encrypt/decrypt you can use the AES_ENCRYPT and AES_DECRYPT methods http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-decrypt Or the DES_ENCRYPT and DES_DECRYPT

NOTE: It's not wise to store passwords that can be decrypted for security reasons, you could better set a new password. Or in your case when a user forgets his/her password you can generated a random string and use that as password in your database the generated password could be mailed to your end-user.

As noted by hd you could better use the generated string as reset token for your end-users.

Answer 2

You cant recover this password in direct way, only you can use brute-force attack or using rainbow tables for this hashes.

Or if you dont want to recover it you can change it via update command from mysql.

Answer 3

You should never store your passwords in a way that they can be decrypted. Instead just generate a new password.

Something like:

UPDATE users SET `password` = 'PASSWORD(someSuper.Safe123Password!)' WHERE `id` = USERID