Fine. I don't want to argue semantics. The admin wanted to know the password. This technique (not a reversal, according to you) will give it to him.

Good grief! All this arguing about cracking passwords and LQ rules, when all the OP has to do is change the password and notify the user what his new password is.

The usual statute of limitations applies; how long has that been unsupported?

Given that, technically, you can't get back the password with certainty (you can get something that has a strong possibility of being the password, particularly with weak passwords, but that isn't certainty) the usual approach is to say to the user 'here is your new temporary password, now change it to something that you would like...and check that they have actually changed it.

What comes to mind is the old Rolling Stones song 'You can't always get what you want (particularly when it is computationally unfeasibly), but you might just find, if you try sometimes, you can get what you need'.

Doesn't scan that well, for some reason, though.

Right, but the OP actually specified that he did NOT want to do that.This, of course, puts an interesting spin on things.

I've never been accused of giving the user what he wants when some other response would be better. I've always felt that if the user knew the proper solution, he wouldn't need to ask the question.

Heh, fair enough.

At this point, I would like to remind everyone that providing assistance with cracking is not allowed here at LQ. Any member who goes down that path will be in violation of the LQ Rules. We are therefore unable to help the OP with running the hash through a password cracker, and the question of why exactly he is unable/unwilling to change the password must be raised.

OK. Maybe he didn't ask the right question?

Maybe he's concerned that the user used a weak password and therefore his question should have been "How do I enforce tougher password policies?"

I suppose it could be for illegal purpose too. If you suspect that I might have used the same password on my bank account, then he asked the right question and it's the hapless user who needs education.

Maybe it was just curiosity.

Maybe he has reason to login as that user and doesn't know about "su - username" - again, wrong question.


Maybe it was a homework question, better cloaked than most.

Maybe, maybe. I think people deserve full answers. Sometimes we get a clue that they might be asing the wrong question and I think it's worth exploring that too, if for no other reason than the edification of another reader.

But... it's not my forum. I don't set the rules or the tone.

It wasn't clear to me if the user lost their password or if the OP being an admin had inadvertently blown it away and was trying to restore it to what it had been before.

If they don't know the original password and don't have the encrypted password it seems only psychic powers or a time machine would get it back.

thanks for you all...