Haseeb

Reputation: 361

Rehash password using Laravel

I want to know how to decrypt a password. Suppose I am using Hash::make("admin123"), which works perfectly, but how do I decrypt it? I already tried the two methods below:

  1. Crypt::decrypt('$2y$10$v2yO0SCt1vOrVZCM8GWRjOuiV1IM3xQbSeq3klaITWVRqsavjaOPI','$2y$10')

  2. Crypt::decrypt('$2y$10$v2yO0SCt1vOrVZCM8GWRjOuiV1IM3xQbSeq3klaITWVRqsavjaOPI')

The above two give me "Invalid data."

Actually, I want to rehash all passwords, like:

$users = User::select('password')->where('activated', '=', 1)->get();
foreach ($users as $user) {
    // When I register a user, I use the Hash::make() mechanism
    // How to rehash $user->password?
}

Upvotes: 0

Views: 2197

Answers (1)

D-side

Reputation: 9485

It's impossible.

More precisely, it's possible, but it's not fast. In fact, it's ridiculously slow. Ridiculously to the point that a single "dehash" would take aeons, if the password is hashed correctly. And it's by design; that's precisely why hashes are used with passwords.

A hash function is a deterministic (i.e. works the same way every time) algorithm that scrambles the given values. It's used for passwords so you don't keep them in plain text, but you can still compare at runtime whether the given value is the same as the one that has been hashed. The idea is simple: the hash is the same for the same inputs, and the hash is different (almost always) for different inputs.

Given a hash, you cannot get the source value. It's not encryption.

If you find yourself in a situation where you need to invalidate the existing hashes, write NULLs instead. Then, during login, if the password hash is NULL, send an email to your user, prompting a password reset due to "a change in your authentication system".

Whether to alert the user on a webpage is up to you, but by telling the user that an email was sent with password reset instructions, you've given a solid clue that the given user exists; this may be useful for a potential attacker. For the paranoids among us.

Upvotes: 1
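
An added example, not part of the original answer: because a hash cannot be reversed, a stored hash can only be upgraded at the moment the user supplies the plaintext, that is, during a successful login, while a NULL hash routes the user to a password reset. The sketch uses PHP's built-in password_* functions (Laravel's Hash facade exposes the same operations as Hash::check and Hash::needsRehash); the $users array, the login() helper, the status strings and the target cost of 12 are assumptions made for illustration.

```php
<?php
// Added example: login-time verification and rehashing in plain PHP.
// $users is a constructed in-memory stand-in for the users table.

const TARGET_OPTIONS = ['cost' => 12]; // assumed new bcrypt cost

$users = [
    // Constructed sample rows: one hash at the old cost, one invalidated (NULL).
    'alice' => ['password' => password_hash('admin123', PASSWORD_BCRYPT, ['cost' => 10])],
    'bob'   => ['password' => null],
];

/**
 * Hypothetical helper. Returns 'ok', 'reset_required' or 'denied'.
 * The stored hash is replaced only when the plaintext has just been verified.
 */
function login(array &$users, string $name, string $plain): string
{
    if (!array_key_exists($name, $users)) {
        return 'denied';
    }
    $stored = $users[$name]['password'];

    if ($stored === null) {
        // Hash was invalidated: the caller sends the password reset email here.
        return 'reset_required';
    }
    if (!password_verify($plain, $stored)) {
        return 'denied';
    }
    // Cost or algorithm changed since this hash was made: upgrade it now,
    // while the plaintext is in hand. It is never available at any other time.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, TARGET_OPTIONS)) {
        $users[$name]['password'] = password_hash($plain, PASSWORD_BCRYPT, TARGET_OPTIONS);
    }
    return 'ok';
}

$before = $users['alice']['password'];
var_dump(login($users, 'alice', 'admin123'));       // first login triggers the upgrade
var_dump($before !== $users['alice']['password']);  // stored hash was replaced
var_dump(login($users, 'alice', 'admin123'));       // same password verifies against new hash
var_dump(login($users, 'alice', 'wrong'));          // wrong password is rejected
var_dump(login($users, 'bob', 'anything'));         // NULL hash leads to the reset flow
```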
