Can users request that their password be sent by email if the password is stored as a hash value?
Is there a way to convert a hash value into a text value with the necessary information (& what information do you need)?
If a user has the same password hash value stored on two sites, will their password be the same for both sites?
If you only save the password hash, then no... and in any case, you should only store the correctly salted hash of your password.
Password reset is a suitable alternative.
( , ). , , -, ..
, , reset , .
, . . reset.
. , . MD5 , . SHA- - .
. .
http://en.wikipedia.org/wiki/Sha-1
, . base64 ROT13. ( !)
, . .
, , , . 100%, -, .
. ( ), ( ) , , .
, , - " Reset", , , .
:
Hashed_password Salt
, ( SHA1) :
require 'digest/sha1'
# Hash password + fixed string + per-user salt.
def self.encrypted_password(password, salt)
  string_to_hash = password + "wibble" + salt
  Digest::SHA1.hexdigest(string_to_hash)
end
user.Hashed_password == encrypted_password(password, user.salt)
, "" ""
- ... , . . , -. , , , , , . , , , .
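Added example, not part of the original answers: a Ruby illustration of the three questions at the top. A per-user random salt makes the same password produce different stored hashes, login recomputes the hash instead of reversing it, and a forgotten password is handled by a one-time reset token rather than by mailing the password. The helper names, the use of PBKDF2-HMAC-SHA256 in place of the single SHA1 round shown above, the iteration count and the one-hour expiry are all assumptions of this example.

```ruby
require 'openssl'
require 'securerandom'

ITERATIONS = 100_000 # assumed work factor for this example; tune for your hardware

# Derive a slow, salted hash (PBKDF2-HMAC-SHA256) and return it hex-encoded.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                             OpenSSL::Digest.new('SHA256')).unpack1('H*')
end

# Build the record a site stores: a fresh random salt plus the hash, never the password.
def new_record(password)
  salt = SecureRandom.hex(16)
  { salt: salt, hashed_password: hash_password(password, salt) }
end

# Compare two hex strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Login check: recompute with the stored salt and compare the results.
def verify(record, attempt)
  secure_equal?(record[:hashed_password], hash_password(attempt, record[:salt]))
end

# Reset flow: the returned token is mailed to the user; only its digest is stored.
def issue_reset(record, now = Time.now)
  token = SecureRandom.urlsafe_base64(32)
  record[:reset_digest] = OpenSSL::Digest::SHA256.hexdigest(token)
  record[:reset_expires] = now + 3600 # assumed one-hour validity
  token
end

# Accept a reset only for a matching, unexpired token, then store a new salted hash.
def redeem_reset(record, token, new_password, now = Time.now)
  digest = OpenSSL::Digest::SHA256.hexdigest(token)
  return false unless record[:reset_digest] && now < record[:reset_expires] &&
                      secure_equal?(record[:reset_digest], digest)
  record.replace(new_record(new_password)) # new salt; token fields are dropped
  true
end
```

Because `redeem_reset` replaces the whole record, a token cannot be redeemed twice.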