That's exactly right, a one way hash is irrecoverable. You don't tell them what their password used to be, you send them a random one to their email address that has been validated in your system and make them change it, or ask them for some key information that you store and have them change it on your site.
You could use some two-way encryption that allows you to endcode and decode (encrypt/decrypt) passwords but I don't think that's all that useful. On Wed, 21 Jul 2004 14:41:55 -0000, bef218 <[EMAIL PROTECTED]> wrote: > When you say it is a "one way hash" does that mean that you cannot > convert the hashed value back into its original value. Like if > someone has forgotten their password, how would you be able to tell > them what it is? > Barry > > --- In [EMAIL PROTECTED], Jeffrey > Schoolcraft <[EMAIL PROTECTED]> wrote: > > ugly page, but this might help > > http://rossm.net/Electronics/Computers/Software/ASP/ > > > > On Wed, 21 Jul 2004 14:08:00 -0000, bef218 <[EMAIL PROTECTED]> wrote: > > > I like that idea a lot. Where can I find out some info on "MD5"? > > > > > > Thanks, > > > Barry > > > > > > Yahoo! Groups Links > > > > > ------------------------ Yahoo! Groups Sponsor --------------------~--> Yahoo! Domains - Claim yours for only $14.70 http://us.click.yahoo.com/Z1wmxD/DREIAA/yQLSAA/saFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspClassicAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
