What is hashing?
From Wikipedia: "... a Cryptographic Hash Function is a transformation that takes an input and returns a fixed-size string, which is called the hash value."
To avoid confusion, and at the risk of being corrected by a smarty-pants, I will simplify and say that a hash function takes an input string, scrambles it up in a predictable manner and returns another string that cannot be reversed back into the input.
Let's look at some code.
If I take the following three values:
<cfset val1 = "Jason" />
<cfset val2 = "Model-Glue" />
<cfset val3 = "SR-71 Blackbird" />
and hash them using the popular MD5 hash function
<cfset hash1 = Hash(val1,"MD5") />
<cfset hash2 = Hash(val2,"MD5") />
<cfset hash3 = Hash(val3,"MD5") />
and output them to the screen, I would get these values:
So regardless of the length of the input string, the results are all the same length, but with unique values.
Now, let's do that same hash again:
Oh, look at that, the exact same values. This is what I meant by "predictable" results. If you hash a string of text with the same hash function over and over again, you will always get the same result. That presents an issue that we will talk about when we discuss salting.
That's a very good question, and the answer is, you don't. What you do instead is generate a random password (7 or 8 characters ought to do), hash that, and then send the new unhashed password to your user. The new password you send should be for one-time use only and should expire after a short time. Another option that many employ is to send the user a one-time, unique, time-sensitive URL that they can click on and then reset the password themselves. Either method, I think, is acceptable.
If you asked that question, then Kudos! Bravo Zulu, to you. That is exactly the right question to ask. You should become a security professional. What you are describing there, in essence, is a rainbow table. A rainbow table is a lookup table of possible hash values for common passwords, credit card numbers, or any other data that could be obfuscated through hashing. The existence of rainbow tables adds another step to our password security. Fortunately, it is an easy step. It is called "salting".
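As an added example (written in Python rather than the post's ColdFusion, and not code from the original post), here are the three values above hashed with MD5, a small constructed lookup table of the kind the last paragraph describes, and a per-user random salt that stops the same password from producing the same stored digest. The password list and the 16-byte salt length are my own choices.

```python
import hashlib
import hmac
import os

# The three sample inputs from the post.
VALUES = ["Jason", "Model-Glue", "SR-71 Blackbird"]


def md5_hex(value: str) -> str:
    """Unsalted MD5 hex digest, the equivalent of ColdFusion's Hash(value, "MD5")."""
    return hashlib.md5(value.encode("utf-8")).hexdigest()


def build_lookup_table(common_passwords):
    """Precomputed table: unsalted digest -> plaintext (a toy rainbow table).
    Constructed here only to show why an unsalted hash is reversible by lookup."""
    return {md5_hex(pw): pw for pw in common_passwords}


def lookup(table, digest: str):
    """Return the plaintext behind a digest if the table knows it, else None."""
    return table.get(digest)


def new_salt() -> bytes:
    """A fresh random salt per user; stored next to the digest, not secret."""
    return os.urandom(16)


def salted_md5(password: str, salt: bytes) -> str:
    """Same MD5 as above, but over salt + password, so two users with the same
    password get different digests and a precomputed table no longer matches.
    (Illustrates the salting argument only; real password storage should use a
    slow, dedicated password hash such as PBKDF2 or bcrypt.)"""
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def verify(password: str, salt: bytes, stored_digest: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_md5(password, salt), stored_digest)


if __name__ == "__main__":
    for v in VALUES:
        print(f"{v!r:20} -> {md5_hex(v)}")  # fixed length, repeatable
    table = build_lookup_table(["password", "letmein", "Jason"])
    print("unsalted lookup:", lookup(table, md5_hex("Jason")))  # found
    salt = new_salt()
    print("salted lookup:  ", lookup(table, salted_md5("Jason", salt)))  # None
```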