"Dan McCullough" <[EMAIL PROTECTED]> wrote:
> Is there away to take a md5 encrypted password and decrypt it and give
that to the client, if they
> fogot their password.

Short answer is no, long answer below.  I just answered this on another list
10 minutes ago so I'm pasting in part of my reply unedited.

You could use something like John the Ripper, which is a password cracker
you can install on the server.  It works by taking a list of words,
word-number combinations, etc. from a dictionary and encrypting them, then
comparing the encrypted results with the encrypted passwords stored on your
server.  If there's a match it notes the cracked password.  It's good for
detecting weak passwords and can actually detect them very quickly, but if
the passwords are strong then it's not effective for your purposes (that's a
good thing) since by the time it cracked the password (if it did) your user
would have likely taken their business elsewhere.  On a few servers I manage
I run it periodically to check for weak passwords, then I contact the users
with weak passwords and ask that they change them.

John the Ripper: http://www.openwall.com/john/

Steve Werby
President, Befriend Internet Services LLC

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to