I just thought i would point out that the entire point of crypt, md5, or 
MySQL password() function is to create a hash out of the original 
string.  However, they are designed so it is computationally infeasible to 
take a hash and find out the original string was.  Actually, it is 
impossible to know exactly what the original string was, because there may 
be more than one input that creates the same output.  The chances of this 
happening in a password case are EXTREMELLY RARE.

Sometimes, I to use md5 to hash passwords, and others, I just store the 
plain text passwords in the protected database. In most cases, if someone 
has access to your database, you have bigger things to worry about than 
them getting your password list.

Best Regards,

Jason Garber

At 11:56 PM 2/3/2002 +0800, you wrote:
>Hi there,
>I'm creating a user/password table that will use either Mysql Password or
>PHP Crypt function to encrypt the data. I know these functions are non
>reversible for good reason, but how do I deal with a situation where I want
>to email out a forgotton password? How can I get the passwrd back to a form
>recognisable to the user?
>Thanx in advance
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to