
Reversing django.contrib.auth.models.User password, sha1 to readable string

from django.contrib.auth.models import User
u = User.objects.get(username='test')
u.password
u'sha1$c6755$66fc32b05c2be8acc9f75eac3d87d3a88f513802'

Is reversing this password encryption possible?

panchicore asked Aug 31 '09 19:08


3 Answers

Yes, it's possible. All you need is a few million years, and a computer the size of our solar system.

John Millikin answered Oct 11 '22 13:10


SHA-1 is a one-way hash. It cannot be reversed except by using a brute-force attack, which will take millions of years.

There are some online databases that let you reverse the hash of common words/combinations of words. However, Django adds "salt" to the password before it computes the hash, so you cannot reverse Django passwords.

That's why a hash is used. Nobody can find out your password, not even sys admins :-)

Humphrey answered Oct 11 '22 13:10
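
Added example, not part of any answer and not Django's own code: how a value in the question's `algorithm$salt$hash` layout is checked at login by re-hashing the candidate with the stored salt, and why two users with the same password do not share a hash. It assumes the legacy scheme of hex SHA-1 over the salt followed by the password; the function names, salts and sample password are constructed for illustration.

```python
import hashlib
import hmac
import string


def legacy_digest(salt, raw_password):
    # Assumed legacy scheme: hex SHA-1 over the salt immediately followed by the password.
    return hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()


def parse_stored(stored):
    """Split 'sha1$<salt>$<40 hex chars>' into (salt, digest); reject anything else."""
    parts = stored.split("$")
    if len(parts) != 3:
        raise ValueError("expected algorithm$salt$hash")
    algorithm, salt, digest = parts
    if algorithm != "sha1":
        raise ValueError("unsupported algorithm: %r" % algorithm)
    if len(digest) != 40 or any(c not in string.hexdigits for c in digest):
        raise ValueError("hash is not a 40-character hex SHA-1 digest")
    return salt, digest.lower()


def make_stored(raw_password, salt):
    # What gets written to the password column when a password is set.
    return "sha1$%s$%s" % (salt, legacy_digest(salt, raw_password))


def check_legacy_password(raw_password, stored):
    """Login check: nothing is decrypted, the candidate is re-hashed and compared."""
    salt, expected = parse_stored(stored)
    # compare_digest avoids leaking the position of the first mismatch via timing.
    return hmac.compare_digest(legacy_digest(salt, raw_password), expected)


if __name__ == "__main__":
    # The value from the question splits into its salt and digest fields.
    print(parse_stored("sha1$c6755$66fc32b05c2be8acc9f75eac3d87d3a88f513802"))
    # Constructed sample: the same password stored under two different salts.
    a = make_stored("correct horse", "a1b2c")
    b = make_stored("correct horse", "z9y8x")
    print(a)
    print(b)
    print(check_legacy_password("correct horse", a))
    print(check_legacy_password("wrong guess", a))
```
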


No, that's the point.

If your user forgot their password, you'll have to reset it.

Robert Greiner answered Oct 11 '22 12:10