Quote:
Originally Posted by sarettah
You don't want to do that. Just imho, of course.
.
|
Yea, Just do a password reset. They make hashes one way, you can't decode. So, if your database ever gets compromised there aren't a bunch of compromised passwords out there. People still reuse passwords. They may use the same password and email address for their porn account as they use for their local bitcoin account.
Hackers would have to run a program like OCL-Hashcat. Usually run a dictionary file of common passwords. The program hashes a password and compares it to your hash.
It takes a long time. Hashing algos like MD5 are not recommended anymore because they are too easy to process. Looks like a bcrypt algo you got there. That is a good one.
There are websites, one that was shut down called raidforums, it was replaced by breached.to. Where people share stolen databases. They also share combolists. Usernames along with the cracked passwords.