Password Reset

on 27.02.2008 07:52:01 by Nasreen Laghari

Hi,

I have an encrypted password in the database, and I encrypted it using MD5(). As it is a one-way hash, I can't get the password back to the original text!!!

What encryption technique should I use to encrypt the password so that, if a user forgets it, I can decrypt the password and email it?


Regards

Nasreen



Re: Password Reset

on 27.02.2008 08:31:53 by dmagick

Nasreen Laghari wrote:
> Hi,
>
> I have an encrypted password in the database, and I encrypted it using MD5(). As it is a one-way hash, I can't get the password back to the original text!!!
>
> What encryption technique should I use to encrypt the password so that, if a user forgets it, I can decrypt the password and email it?

Don't worry about decrypting anything, just generate a new random
password, email that to them and they can change it again themselves
once they log in to your app.


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Password Reset [bayes]

on 27.02.2008 08:33:07 by Chris Verges

Don't. Re-generate a randomized password and force the user to reset it
upon first login. Only allow the user to do this if they answer a security
question successfully. It's how many online entities will perform password
recovery.

Thanks,

Chris





On 2/26/08 10:52 PM, "Nasreen Laghari" wrote:

> Hi,
>
> I have an encrypted password in the database, and I encrypted it using MD5(). As it is a
> one-way hash, I can't get the password back to the original text!!!
>
> What encryption technique should I use to encrypt the password so that, if a user forgets it, I can
> decrypt the password and email it?
>
>
> Regards
>
> Nasreen


RE: Password Reset

on 27.02.2008 15:05:32 by Bastien Koert

generate a new password and email that to the user

bastien

> Date: Tue, 26 Feb 2008 22:52:01 -0800
> From: nasreen_laghari@yahoo.com
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password Reset
>
> Hi,
>
> I have an encrypted password in the database, and I encrypted it using MD5(). As it is a one-way hash, I can't get the password back to the original text!!!
>
> What encryption technique should I use to encrypt the password so that, if a user forgets it, I can decrypt the password and email it?
>
> Regards
>
> Nasreen

Re: Password Reset

on 27.02.2008 15:16:20 by parasane

On Wed, Feb 27, 2008 at 1:52 AM, Nasreen Laghari wrote:
> Hi,
>
> I have an encrypted password in the database, and I encrypted it using MD5(). As it is a one-way hash, I can't get the password back to the original text!!!
>
> What encryption technique should I use to encrypt the password so that, if a user forgets it, I can decrypt the password and email it?

There are a bunch you could use, from the sickeningly simple
(ROT-13) to a key-based reversible algorithm (Blowfish/Twofish).
However, your best bet would just be to generate a new, random
password, and email it to the user. Then, when they successfully
retrieve the new password and log in, require them to change their
password. This will also allow them to go back to the password they
were using, should they choose to do so.

ADDED BONUS! Lesson in Terminology: ;-P
Encryption: CAN be decrypted. Blowfish, Twofish, DES, et cetera.
Hash: CAN NOT be "de-hashed". MD5, SHA1, *nix salts, et cetera.

--


Daniel P. Brown
Senior Unix Geek
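
Added example, not part of any poster's message: the reset flow the replies describe (random temporary password, only its hash stored, forced change at first login), sketched in PHP. The in-memory $users array, the function names and the use of password_hash() in place of MD5() are assumptions of this example.

```php
<?php
// Hypothetical in-memory "users table" standing in for the database (constructed sample data).
$users = [
    'alice@example.com' => [
        'hash'        => password_hash('old-secret', PASSWORD_DEFAULT),
        'must_change' => false,
    ],
];

/** Build a temporary password from an unambiguous alphabet using the CSPRNG. */
function generateTempPassword(int $length = 16): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

/** Overwrite the stored hash with one for a fresh temporary password and flag a forced change. */
function resetPassword(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null; // unknown account: nothing is changed, nothing is mailed
    }
    $temp = generateTempPassword();
    $users[$email]['hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $users[$email]['must_change'] = true;
    return $temp; // the plaintext exists only long enough to be emailed
}

/** Returns 'denied', 'change_required' or 'ok'. */
function login(array $users, string $email, string $password): string
{
    $row = $users[$email] ?? null;
    if ($row === null || !password_verify($password, $row['hash'])) {
        return 'denied';
    }
    return $row['must_change'] ? 'change_required' : 'ok';
}

$temp = resetPassword($users, 'alice@example.com');
var_dump(login($users, 'alice@example.com', 'old-secret')); // checks the replaced password
var_dump(login($users, 'alice@example.com', $temp));        // checks the temporary password
```

Nothing in this flow needs the old password back, so the stored value can stay a one-way hash.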



RE: Password Reset

on 27.02.2008 16:13:01 by MIGUEL ANTONIO GUIRAO AGUILAR

As everybody has said, it is not a best security practice to decrypt
passwords if the user forgets it. You should not provide ways for hackers
to decrypt such passwords in the event of a security incident.

You better allow users to reset their passwords after providing evidence of
her/his authentication.

__________________
Miguel Guirao Aguilera, Linux+, ITIL
Sistemas de Información
Informática R8
Ext. 7540


--> -----Original Message-----
--> From: Nasreen Laghari [mailto:nasreen_laghari@yahoo.com]
--> Sent: Wednesday, 27 February 2008 12:52 a.m.
--> To: php-db@lists.php.net
--> Subject: [PHP-DB] Password Reset
-->
--> Hi,
-->
--> I have an encrypted password in the database, and I encrypted it using MD5(). As
--> it is a one-way hash, I can't get the password back to the original text!!!
-->
--> What encryption technique should I use to encrypt the password so that, if a user forgets it,
--> I can decrypt the password and email it?
-->
--> Regards
-->
--> Nasreen
