Hi, I just thought i would point out that the entire point of crypt, md5, or MySQL password() function is to create a hash out of the original string. However, they are designed so it is computationally infeasible to take a hash and find out the original string was. Actually, it is impossible to know exactly what the original string was, because there may be more than one input that creates the same output. The chances of this happening in a password case are EXTREMELLY RARE.
Sometimes, I to use md5 to hash passwords, and others, I just store the plain text passwords in the protected database. In most cases, if someone has access to your database, you have bigger things to worry about than them getting your password list. Best Regards, Jason Garber IonZoft.com At 11:56 PM 2/3/2002 +0800, you wrote: >Hi there, >I'm creating a user/password table that will use either Mysql Password or >PHP Crypt function to encrypt the data. I know these functions are non >reversible for good reason, but how do I deal with a situation where I want >to email out a forgotton password? How can I get the passwrd back to a form >recognisable to the user? >Thanx in advance >Phil > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
