Decrypting Password

[hardik...@gmail.com]

I want to decrypt the encrypted   the password formed in django is there any way please help me

[Etienne Robillard]

And why do you want to do that?

Etienne

Le 2017-12-14 à 02:08, hardik...@gmail.com a écrit :

I want to decrypt the encrypted   the password formed in django is there any way please help me

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8effca8d-942c-493d-ad34-a7ca43524318%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Etienne Robillard
tka...@yandex.com
https://www.isotopesoftware.ca/

[Andréas Kühne]

The point of the way the password is stored, is to prevent this. I don't think it is possible to decrypt the password, because it's not encrypted. It's a hash that should be oneway.

See: https://docs.djangoproject.com/en/2.0/topics/auth/passwords/

What you can do is try passwords until you find the correct one (you can script that) OR you can manually set a new password on a user.

Regards,

Andréas

2017-12-14 8:08 GMT+01:00 <hardik...@gmail.com>:

I want to decrypt the encrypted   the password formed in django is there any way please help me

--

You received this message because you are subscribed to the Google Groups "Django users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.

[Tim Chase]

On 2017-12-13 23:08, hardik...@gmail.com wrote:
> I want to decrypt the encrypted the password formed in django is
> there any way please help me

It's considered a bad (horrible, really) security practice to store
passwords that you can retrieve. I'll grant that some of the Mailman
lists to which I subscribe do this and send me monthly password
reminders in plain-text as well, but I've learned to use unique
(or throwaway) passwords for any mailing-list subscription.

You have a couple options:

- guess against it until you have it. This may (and should) take an
inordinate amount of time. Like decades, centuries, or millennia.
It might be easier if you have nation-state resources at your
disposal. This can be sped up considerably if you have a
known set of candidate password components ("I know it was one of
these N passwords that I normally use" or "I usually mix from these
N different components when creating a password, I just forgot which
ones or how I sequenced them")

- insert code to intercept the plain-text password when that user
logs in, then do what you need at that point

- change your password storage set-up so that it stores the
plain-text password (again, this is a REALLY bad idea)

- if you've just forgotten your password but have DB access, you can
hash a known password and then set that without ever knowing what
the original password was

- if you need to log in as a particular user, do a
save/change/restore:

1) save off the old password hash
2) store in a hash created from a known password
3) do whatever you need to do (during which the user can't log in)
4) restore the hash value you saved in #1

(roughly the same as the previous item, only you restore the
original password when you're done)

-tkc

[desti...@gmail.com]

Actually you can do this. Creating new model with username and password fields (Plain Text) and a custom authentication forms and view and all passwords are absolutely compromised. if you use the Django auth model and you are trying to crack any password. Brute forcing is the only way see https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#how-django-stores-passwords for more information.