I am using require 'digest/sha1' to encrypt my password and save it into the database. During login I authenticate by matching the encrypted password saved in the database against the one the user enters in the password field, encrypted again. As of now everything works fine, but now I want to add ‘Forgot Password’ functionality. To do this I need to decrypt the password which is saved in the database to find the original one. How do I decrypt using digest/sha1?
Or does anyone know any algorithm which supports encryption & decryption as well?
I am using Ruby on Rails, so I need a Ruby way to accomplish it.
SHA1 is a one-way function; you can’t reverse it.
This may be of interest re password resets:
http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
If you want to do encryption/decryption then you should use something like AES. Once you start using encryption/decryption, however, you’ll also have to start worrying about key management too.
Regarding your comment to the OP below – if you are going to be storing CC info, I would advise you get a security person in who knows about crypto, key management etc and who also understands the relevant legal and regulatory aspects.
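A "Forgot Password" flow that never needs the original password, as an added example (not code from the posts above or from Authlogic): a random single-use token is e-mailed to the user, only its digest is stored, and redeeming it replaces the password hash. `ResetDemo`, its method names, the token lifetime and the PBKDF2 iteration count are assumptions, and the in-memory hash stands in for the users table.

```ruby
require 'securerandom'
require 'digest'
require 'openssl'

# Hypothetical in-memory stand-in for a users table (illustration only).
class ResetDemo
  TOKEN_TTL  = 3600    # seconds a reset link stays valid (assumed value)
  ITERATIONS = 100_000 # PBKDF2 work factor (assumed value)

  def initialize
    @users = {} # email => { salt:, pw_hash:, reset_digest:, reset_expires: }
  end

  # Stores a salted, slow hash of the password; the password itself is never kept.
  def set_password(email, password)
    salt = SecureRandom.random_bytes(16)
    (@users[email] ||= {}).merge!(salt: salt, pw_hash: kdf(password, salt))
  end

  def authenticate(email, password)
    u = @users[email]
    !u.nil? && secure_compare(u[:pw_hash], kdf(password, u[:salt]))
  end

  # Returns the raw token to e-mail; only its SHA-256 digest is stored.
  def issue_reset(email, now = Time.now)
    return nil unless (u = @users[email])
    token = SecureRandom.urlsafe_base64(32)
    u.merge!(reset_digest: Digest::SHA256.hexdigest(token), reset_expires: now + TOKEN_TTL)
    token
  end

  # Replaces the password if the token matches, is unexpired and unused.
  def redeem_reset(email, token, new_password, now = Time.now)
    u = @users[email]
    return false if u.nil? || u[:reset_digest].nil? || now > u[:reset_expires]
    return false unless secure_compare(u[:reset_digest], Digest::SHA256.hexdigest(token.to_s))
    u.delete(:reset_digest) # single use: a second redeem with the same token fails
    set_password(email, new_password)
    true
  end

  private

  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Comparison that does not stop at the first differing byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```
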