[RESOLVED] decode a sha1 encryption

andersstudio

I decided to sha1 passwords into the database for the creation of a user account.

When logging into the system, this sql statement works, but I can't figure out how to reverse it, so I'm assuming this is a one-way encryption:

$sql = "SELECT email, password, first
				FROM `account` 
				WHERE `email` = '" . addslashes(htmlspecialchars($AdminID)) . "' 
				AND 
				`password` = '" . sha1(addslashes(htmlspecialchars($AdminPswd))) . "';";

I need to have a statement to retrieve the encryption and decode it for password retrieval (when a user lost their password). Is there a way to decode this or should I choose another encryption technique (2-way) other than the basic base64_decode/base64_encode?

Thanks in advance for your help.

jasonyoung

I didn't think it could be done so I force users to provide their username, answer a secret question, then lookup the associated email address for the provided username and send them a one time use password. Once they get back in they have a link to change their password to something they will hopefully remember.

Works fine since I don't have to get involved.

andersstudio

Sounds like a lot of work to create a 1-time use password. It appears as though its either a basic two-way encryption technique, or a secure one-way with a password reset and recommend they change it? It looks like the only other way is mcrypt, which looks too complicated for me...

Roger_Ramjet

You can't reverse sha1 or md5 hashes so use aes encrytion instead.

andersstudio

ok. I just went with a reset. thanks.