Re: [PHP] Password encryption and password retrieval

2005-05-11 Thread Deep

Hi,

  Thank you every one for responding to my mail and
giving valuable comments and suggestions for it.

Thanx,
..Deeps..


--- Deep [EMAIL PROTECTED] wrote:
 
 Hi evryone,
 
   I want to implement a site where i would like to
 encrypt the password of the users and store it into
 mysql 
 database. My question is that , In case if the user
 has forgotten the password how can he retrieve the
 password(which is already encrypted and stored...the
 user should be able to get the decrypted password). 
 
 Also which encryption method would you recommend.
 ie.
 md5,crypt, etc
 
 Thanx,
 ..Deeps..
 


 Yahoo! India Matrimony: Find your life partner
 online
 Go to: http://yahoo.shaadi.com/india-matrimony
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 


Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Password encryption and password retrieval

2005-05-10 Thread Deep

Hi evryone,

  I want to implement a site where i would like to
encrypt the password of the users and store it into
mysql 
database. My question is that , In case if the user
has forgotten the password how can he retrieve the
password(which is already encrypted and stored...the
user should be able to get the decrypted password). 

Also which encryption method would you recommend. ie.
md5,crypt, etc

Thanx,
..Deeps..


Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Password encryption and password retrieval

2005-05-10 Thread Andy Pieters
Hi 

You are doing the right thing storing passwords encrypted!

You may use any of the one way digest like secure hash 1 (sha1) or md5 or a 
combination to generate a hash.

In case your user forgets his password, there is no way to reconstruct it.  
You need to provide an interface where the user can enter their email and the 
script sends a message to the user with a token.  Afterwards, this token is 
used as one time password to login and change the password.

Regards


Andy

-- 
Registered Linux User Number 379093
-- --BEGIN GEEK CODE BLOCK-
Version: 3.1
GAT/O/E$ d-(---)+ s:(+): a--(-)? C$(+++) UL$ P-(+)++
L+++$ E---(-)@ W++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++)
PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+)
e$@ h++(*) r--++ y--()
-- ---END GEEK CODE BLOCK--
--
Check out these few php utilities that I released
 under the GPL2 and that are meant for use with a 
 php cli binary:
 
 http://www.vlaamse-kern.com/sas/
--

--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Password encryption and password retrieval

2005-05-10 Thread Philip Hallstrom
 I want to implement a site where i would like to
encrypt the password of the users and store it into
mysql
database. My question is that , In case if the user
has forgotten the password how can he retrieve the
password(which is already encrypted and stored...the
user should be able to get the decrypted password).
Once encrypted that's it.  The user can't get it back.  Best thing is to 
ask them to verify additional information and then send a randomly 
generated passwort to the email address *you* have on file for that user.

They can then change it when they login.
Also which encryption method would you recommend. ie.
md5,crypt, etc
of those two, md5.  search the net for discussions about md5 vs sha1...
-philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Password encryption and password retrieval

2005-05-10 Thread Petar Nedyalkov
On Tuesday 10 May 2005 16:05, Deep wrote:
 Hi evryone,

   I want to implement a site where i would like to
 encrypt the password of the users and store it into
 mysql
 database. My question is that , In case if the user
 has forgotten the password how can he retrieve the
 password(which is already encrypted and stored...the
 user should be able to get the decrypted password).

The user won't be able to retrieve it's password if you want your application 
to be secure.

The best practice is to flush the password and let the user reactivate it's 
account by providing him a temporary password.


 Also which encryption method would you recommend. ie.
 md5,crypt, etc

 Thanx,
 ..Deeps..

 
 Yahoo! India Matrimony: Find your life partner online
 Go to: http://yahoo.shaadi.com/india-matrimony

-- 

Cyberly yours,
Petar Nedyalkov
Devoted Orbitel Fan :-)

PGP ID: 7AE45436
PGP Public Key: http://bu.orbitel.bg/pgp/bu.asc
PGP Fingerprint: 7923 8D52 B145 02E8 6F63 8BDA 2D3F 7C0B 7AE4 5436


pgpkngZA6f5uq.pgp
Description: PGP signature