Hi I am saving password with hashed_password and salt in table. Now I need to send those passwords via SMS can it be possible.Kindly give me some suggestion plz .
Thanks in advance
Cheers
You cannot un-hash those passwords. So no, it is not possible.
THANKS DHEERAJ, IS IT IMPOSSIBLE FOR SURE
Are you building this for a “Forgot My Password” feature? You could look into using Devise and password recovery is built right in.
If you still want to roll your own I’d recommend, at a minimum, you instead reset their password to a random password, email them the random password and let them reset it. That’s still not very secure though. Sending any password in plain text defeats the purpose of hashing and storing your passwords. There’s several better solutions like having user answer security questions, sending them a link to a temporary obfuscated page that allows them to reset their password, etc. If you’re rolling your own right now though I definitely recommend looking into the Devise gem as it will do all this for you.
Even when you completely capitalize your question, yes.
ok
Sending plaintext passwords is bad. Even across SMS. Generate a OTP token if you need to send them something.
~Johnneylee
Hi Johnneylee Rollins,
I am not sending plain text kindly read above mail for what exactly I need.
How is a hashed password going to help a user?
You said you wanted to send passwords. You did not say you wanted to send hashed_password. You'll get better results if you take the care to be precise in what you ask, rather than wasting everyone's time with ambiguous questions.
So, what do you actually want to do?
Well it wont help the user but it a strong password in rails. you can not retrieve that but you can update it. but you can not send it that is the issue. too strong passwords
I have already mention in my first message it self seem you missed that. I have no intention to waste some one’s time.
Hi I am saving password with hashed_password and salt in table. Now I need to send those passwords via SMS can it be possible.Kindly give me some suggestion plz .
This line, in the English language, can be understood as "Now I need those passwords" meaning the passwords before hashing, since you don't differentiate between the first mention of passwords and the hashed_password result. As a native English speaker, I'm letting you know that this is ambiguous and is what lead me to my understanding.
Now to answer all permutations of what you may have meant but don't seem interested in explaining further.
If the password you mention is the hashed password, that won't do the user any good. If you accept the hashed password when authenticating, then your system is horribly broken. Completely. If the password you mention is the password before it was hashed, then you're also what is called a plaintext offender. You shouldn't do this either.
If your intent, regardless of your question, is the ability to send the user some kind of token that they can use to recover their account, then that also has some issues you should be aware of. Security and privacy in this regard is highly important. I wouldn't trust SMS to be 'secure' in any way. It's not private. Thusly my suggestion of a one time pass token may work for you. You might need to employ some creativity to arrive at a more secure implementation.
If you don't wish to address our questions, perhaps you can provide a few questions that will help us help you.
~Spaceghost
Let me ask this: step back from your proposed solution, i.e. sending something via SMS, and tell us what problem you're actually trying to solve.