Re: [PHP] Password encryption and password retrieval
Hi,

Thank you everyone for responding to my mail and giving valuable comments and suggestions for it.

Thanx,
..Deeps..

--- Deep [EMAIL PROTECTED] wrote:
> Hi everyone,
>
> I want to implement a site where I would like to encrypt the password of the users and store it into mysql database. My question is that, in case the user has forgotten the password, how can he retrieve the password (which is already encrypted and stored...the user should be able to get the decrypted password).
>
> Also which encryption method would you recommend, i.e. md5, crypt, etc.
>
> Thanx,
> ..Deeps..

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Password encryption and password retrieval
Hi everyone,

I want to implement a site where I would like to encrypt the password of the users and store it into mysql database. My question is that, in case the user has forgotten the password, how can he retrieve the password (which is already encrypted and stored...the user should be able to get the decrypted password).

Also which encryption method would you recommend, i.e. md5, crypt, etc.

Thanx,
..Deeps..
Re: [PHP] Password encryption and password retrieval
Hi,

You are doing the right thing storing passwords encrypted! You may use any of the one-way digests like secure hash 1 (sha1) or md5 or a combination to generate a hash.

In case your user forgets his password, there is no way to reconstruct it. You need to provide an interface where the user can enter their email and the script sends a message to the user with a token. Afterwards, this token is used as a one-time password to log in and change the password.

Regards
Andy

--
Registered Linux User Number 379093
--
Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/
Re: [PHP] Password encryption and password retrieval
> I want to implement a site where I would like to encrypt the password of the users and store it into mysql database. My question is that, in case the user has forgotten the password, how can he retrieve the password (which is already encrypted and stored...the user should be able to get the decrypted password).

Once encrypted that's it. The user can't get it back. Best thing is to ask them to verify additional information and then send a randomly generated password to the email address *you* have on file for that user. They can then change it when they log in.

> Also which encryption method would you recommend, i.e. md5, crypt, etc.

Of those two, md5. Search the net for discussions about md5 vs sha1...

-philip
Re: [PHP] Password encryption and password retrieval
On Tuesday 10 May 2005 16:05, Deep wrote:
> Hi everyone,
>
> I want to implement a site where I would like to encrypt the password of the users and store it into mysql database. My question is that, in case the user has forgotten the password, how can he retrieve the password (which is already encrypted and stored...the user should be able to get the decrypted password).

The user won't be able to retrieve its password if you want your application to be secure. The best practice is to flush the password and let the user reactivate its account by providing him a temporary password.

> Also which encryption method would you recommend, i.e. md5, crypt, etc.
>
> Thanx,
> ..Deeps..

--
Cyberly yours,
Petar Nedyalkov
Devoted Orbitel Fan :-)

PGP ID: 7AE45436
PGP Public Key: http://bu.orbitel.bg/pgp/bu.asc
PGP Fingerprint: 7923 8D52 B145 02E8 6F63 8BDA 2D3F 7C0B 7AE4 5436