"how would the hashed value in the db be converted back to their original password of 'Test'"
You dont - you have to send them a new password. -----Original Message----- From: Ian Vaughan [mailto:[EMAIL PROTECTED] Sent: 14 October 2005 09:59 To: CF-Talk Subject: RE: security suggestions? Sor for example if I used the following when the user registers their details #Hash("form.Password", "SHA-512")# to store the hash of the password ( i.e. 'Test.) the user has entered in the form to be stored in the database Then when the user logs in and enters their password of 'Test' using the login check below, it fails to recognize the password? --snippet--- WHERE Password = '#Hash("form.Password", "SHA-512")#' </CFQUERY> Any ideas on where I am going wrong? Also if I hashed the password in the database, and offered a feature if the user forgets their password and wanted their password e-mailed to their registered e-mail addresss, how would the hashed value in the db be converted back to their original password of 'Test' ? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:221001 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54