On 4 Apr 2009, at 15:38 , Joshua Partogi wrote: > Dear all, > > I already take a look at the django.contrib.auth.models but could not > find any methods for decrypting the user password. > > Sometimes we need to get the real text password to be sent to user. > > What is the best way to do this? Anybody has got an idea? > > Thank you very much in advance!
Django's passwords are salted[1] and hashed[2]. You cannot[3] retrieve them, and that's exactly the intent (well the intent is not that *you* cannot retrieve them, it's that nobody else can). If you need to send users their passwords, you have to generate new (random) passwords and send them that. Masklinn [1] http://en.wikipedia.org/wiki/Salt_(cryptography) [2] http://en.wikipedia.org/wiki/Cryptographic_hash [3] you can probably bruteforce them if you have a lot of time and computing power to waste, and future SHA-1 breakages might help you further, but that's all. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
