bcrypt.js icon indicating copy to clipboard operation
bcrypt.js copied to clipboard
verified publisher icon dcodeIO

How to decript password??????

Open IoTManagerProject opened this issue 2 years ago • 5 comments

I use your package. I want to make password recovery system. All passwords now encripted by:

const hashPassword = bcrypt.hashSync(password, 7);

I need to decode password and get it. I able only compare bcrypt.compareSync. But i need GET IT?

Are you have way to get it??????????????????????????????????????

IoTManagerProject avatar Sep 21 '23 11:09 IoTManagerProject

The password becomes hashed and is no longer available in plain text.

dcodeIO avatar Sep 21 '23 12:09 dcodeIO

It is absolutely impossible to recover the password from the hash and that's the whole point of storing hashes : you can know if a given string is the right password by hashing it and comparing the result, but that's it.

The usual workflow when a password is lost is that the use will click on "forgotten password". Then, an email is sent to the address they have registerd when creating the account, and the user can reset their password.

CorentinDeBoisset avatar Oct 22 '23 21:10 CorentinDeBoisset

Is the library still valid for current use? No activity for last seven years.

aflatoon2874 avatar Oct 26 '23 12:10 aflatoon2874

@aflatoon2874 yes!

ItaloRAmaral avatar Dec 17 '23 13:12 ItaloRAmaral

The concept of hashing a password is of computer science, we hash it to encrypt the password and by "hashing", you can only compare the result if it matches. There is no easy way for you to "undo" the hash, and therefore we are still using this bcrypt after 7 years of non-maintained status. If we can simply unhash it, this is going to be a totally untrusted internet with credential and password leak everywhere in the world.

alexchu-dev avatar Mar 30 '24 09:03 alexchu-dev