RE: [PHP-DB] Password Reset
As everybody has said, it is not a best security practice to decrypt passwords if the user forgets it. You should not provide ways for hackers to decrypt such passwords in the event of a security incident. You better allow users to reset their passwords after providing evidence of her/his authentication.

__
Miguel Guirao Aguilera, Linux+, ITIL
Sistemas de Información
Informática R8
Ext. 7540

--> -Original Message-
--> From: Nasreen Laghari [mailto:[EMAIL PROTECTED]
--> Sent: Miércoles, 27 de Febrero de 2008 12:52 a.m.
--> To: php-db@lists.php.net
--> Subject: [PHP-DB] Password Reset
-->
--> Hi,
-->
--> I have encrypted password in database and I encrypted using MD5(). As
--> it is a one-way Hash so I can't get password back to original text !!!
-->
--> What encrypting technique I used to encrypt password so if user forget,
--> I can decrypt password and email it.
-->
-->
--> Regards
-->
--> Nasreen

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Password Reset
On Wed, Feb 27, 2008 at 1:52 AM, Nasreen Laghari <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is
> a one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user forget, I
> can decrypt password and email it.

There are a bunch you could use, from the sickeningly simple (ROT-13) to a key-based reversible algorithm (Blowfish/Twofish). However, your best bet would just be to generate a new, random password, and email it to the user. Then, when they successfully retrieve the new password and log in, require them to change their password. This will also allow them to go back to the password they were using, should they choose to do so.

ADDED BONUS! Lesson in Terminology: ;-P
Encryption: CAN be decrypted. Blowfish, Twofish, DES, et cetera.
Hash: CAN NOT be "de-hashed". MD5, SHA1, *nix salts, et cetera.

--
Daniel P. Brown
Senior Unix Geek
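The flow recommended in this reply (issue a random temporary password, store only its hash, require a change at the next login), as an added example that is not part of the thread. The `users` table, its columns and the function names are assumptions, in-memory SQLite stands in for the real database, and PHP's password_hash() is used here in place of the MD5() mentioned in the question.

```php
<?php
// Added example, not code from the thread. Schema and names are assumptions.
// Constructed data: one account in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL,
    must_change INTEGER NOT NULL DEFAULT 0
)');
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(['user@example.com', password_hash('old-password', PASSWORD_DEFAULT)]);

// Replace the stored hash with the hash of a fresh random password and flag
// the account so the next login has to set a new one. The plaintext is
// returned once, for the e-mail, and is never stored.
function issueTemporaryPassword(PDO $db, string $email): ?string
{
    $temp = bin2hex(random_bytes(8)); // 64 bits from the OS CSPRNG, 16 hex chars
    $stmt = $db->prepare(
        'UPDATE users SET password_hash = ?, must_change = 1 WHERE email = ?'
    );
    $stmt->execute([password_hash($temp, PASSWORD_DEFAULT), $email]);
    return $stmt->rowCount() === 1 ? $temp : null; // null: no such account
}

// Returns 'denied', 'change_required' or 'ok'.
function login(PDO $db, string $email, string $password): string
{
    $stmt = $db->prepare('SELECT password_hash, must_change FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return 'denied';
    }
    return (int) $row['must_change'] === 1 ? 'change_required' : 'ok';
}

// Store the user's chosen password and clear the forced-change flag.
function changePassword(PDO $db, string $email, string $new): void
{
    $db->prepare('UPDATE users SET password_hash = ?, must_change = 0 WHERE email = ?')
       ->execute([password_hash($new, PASSWORD_DEFAULT), $email]);
}

$temp = issueTemporaryPassword($db, 'user@example.com'); // this value goes in the e-mail
echo login($db, 'user@example.com', 'old-password'), "\n"; // old password no longer works
echo login($db, 'user@example.com', $temp), "\n";          // temp password forces a change
changePassword($db, 'user@example.com', 'old-password');   // user may reuse the old one
echo login($db, 'user@example.com', 'old-password'), "\n";
```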
RE: [PHP-DB] Password Reset
generate a new password and email that to the user

bastien

> Date: Tue, 26 Feb 2008 22:52:01 -0800
> From: [EMAIL PROTECTED]
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password Reset
>
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a
> one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user forget, I can
> decrypt password and email it.
>
>
> Regards
>
> Nasreen
Re: [PHP-DB] Password Reset
Nasreen Laghari wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a
> one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user forget, I can
> decrypt password and email it.

Don't worry about decrypting anything, just generate a new random password, email that to them and they can change it again themselves once they log in to your app.

--
Postgresql & php tutorials
http://www.designmagick.com/
Re: [PHP-DB] Password Reset [bayes]
Don't. Re-generate a randomized password and force the user to reset it upon first login. Only allow the user to do this if they answer a security question successfully. It's how many online entities will perform password recovery.

Thanks,
Chris

On 2/26/08 10:52 PM, "Nasreen Laghari" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a
> one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user forget, I can
> decrypt password and email it.
>
>
> Regards
>
> Nasreen
[PHP-DB] Password Reset
Hi,

I have encrypted password in database and I encrypted using MD5(). As it is a one-way Hash so I can't get password back to original text !!!

What encrypting technique I used to encrypt password so if user forget, I can decrypt password and email it.

Regards
Nasreen