Nobody is supposed to "recover a password", otherwise it would defeat one of the most important properties of the passwords. Passwords should not be recoverable, ever. If a password is lost, a brand new one should be created. I would say, the major purpose of password recovery would be committing a crime. Passwords in their original form is never needed for authentication. Also, passwords are never stored anywhere, but the
cryptographic hash of a password can be stored with reasonable security.
Please see my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[
^],
Decryption of Encrypted Password[
^],
storing password value int sql server with secure way[
^].
Please also see the discussion in the comments to the question. H. Brydon is right: MD5 should never be used for security purposes.
—SA