Yes, rainbow tables or a TON of extra time and processing power would be the solution(s) but that's much more involved (or at least time consuming) than brute force these days so definitely stick with your hashes. The method I described could just as easily be done with usernames OR email addresses by the way.
..:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com http://cf4em.com -----Original Message----- From: Brad Wood [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 16, 2008 10:18 AM To: CF-Talk Subject: RE: Passwod recovery strategies If they forgot their user name, then they have other problems because that is their Windows domain login as well as the first part of their E-mail address. (Company Intranet) Our helpdesk (which is available during all business hours) is equipped to supply a user with their user name if it is forgotten. The password is of course hashed, so no one can get to it... well maybe with a rainbow table. :) ~Brad -----Original Message----- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 15, 2008 7:49 PM To: CF-Talk Subject: Re: Passwod recovery strategies >>* User clicks "forgot my password link" * They enter their user name and e-mail address What if he forgot his user name? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:303563 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
