I want to decode the encrypted value from the database. I want to send the actual password to the user via mail when he uses forgot password.
The following is the code used for encoding the password:
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String password = passwordEncoder.encode(user.getPassword());
How can I do the decode?
BCrypt is a password hashing function, i.e. a one-way function.
You can't decrypt a BCrypt hash just like you can't go back from chicken mcnuggets to the original chicken.
You can only verify that two BCrypt hashes are the same, thus verifying that a supplied password matches the original one.
A typical solution to this is to send a single-use password reset link to the user, use secret questions or some other information confirming user identity to let them set a new password.
It is not advisable to send the actual password to the user. You can send an activation link in an email instead.
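The approach the answers describe (verify with `matches`, and mail a single-use reset link instead of the password), as an added example that is not code from the question or the answers. The class name, the in-memory maps standing in for database tables, and the 30-minute token lifetime are assumptions; it needs `spring-security-crypto` on the classpath and Java 16+ for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class PasswordResetExample {
    // Hypothetical in-memory stores standing in for database tables.
    record ResetEntry(String username, Instant expiresAt) {}
    private final Map<String, String> bcryptByUser = new ConcurrentHashMap<>();
    private final Map<String, ResetEntry> resetByTokenHash = new ConcurrentHashMap<>();
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

    void register(String user, String raw) { bcryptByUser.put(user, encoder.encode(raw)); }
    // Login never decodes: matches() re-hashes the candidate with the salt inside the stored hash.
    boolean login(String user, String rawPassword) {
        String stored = bcryptByUser.get(user);
        return stored != null && encoder.matches(rawPassword, stored);
    }
    // Forgot password: the returned token goes into the mailed link; only its digest is stored.
    String issueResetToken(String user) throws Exception {
        byte[] bytes = new byte[32];
        new SecureRandom().nextBytes(bytes);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
        resetByTokenHash.put(sha256(token), new ResetEntry(user, Instant.now().plusSeconds(1800)));
        return token;
    }
    // Redeem: remove() makes the token single-use; an expired token is rejected.
    boolean resetPassword(String token, String newRawPassword) throws Exception {
        ResetEntry entry = resetByTokenHash.remove(sha256(token));
        if (entry == null || Instant.now().isAfter(entry.expiresAt())) return false;
        bcryptByUser.put(entry.username(), encoder.encode(newRawPassword));
        return true;
    }
    private static String sha256(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    public static void main(String[] args) throws Exception {
        PasswordResetExample svc = new PasswordResetExample();
        svc.register("alice", "old-secret");                         // constructed sample data
        String token = svc.issueResetToken("alice");
        System.out.println(svc.resetPassword(token, "new-secret"));  // first use of the token
        System.out.println(svc.resetPassword(token, "again"));       // replay of the same token
        System.out.println(svc.login("alice", "new-secret"));
    }
}
```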