RE: [PHP-DB] Password Reset

2008-02-27 Thread Miguel Guirao
As everybody has said, it is not a best security practice to decrypt passwords if the user forgets them. You should not provide ways for hackers to decrypt such passwords in the event of a security incident. You better allow users to reset their passwords after providing evidence of her/his auth

Re: [PHP-DB] Password Reset

2008-02-27 Thread Daniel Brown
On Wed, Feb 27, 2008 at 1:52 AM, Nasreen Laghari <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is
> a one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user

RE: [PHP-DB] Password Reset

2008-02-27 Thread Bastien Koert
generate a new password and email that to the user

bastien

> Date: Tue, 26 Feb 2008 22:52:01 -0800
> From: [EMAIL PROTECTED]
> To: php-db@lists.php.net
> Subject: [PHP-DB] Password Reset
>
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a
> one-way Hash so

Re: [PHP-DB] Password Reset

2008-02-26 Thread Chris
Nasreen Laghari wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a one-way Hash so I can't get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user forget, I can decrypt password and email it.

Don't worry ab

Re: [PHP-DB] Password Reset [bayes]

2008-02-26 Thread Chris Verges
Don't. Re-generate a randomized password and force the user to reset it upon first login. Only allow the user to do this if they answer a security question successfully. It's how many online entities will perform password recovery.

Thanks,
Chris

On 2/26/08 10:52 PM, "Nasreen Laghari" <[EM
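
The flow described in the reply above (check a security answer, issue a randomized temporary password, force a change at first login), as an added example that is not code from the thread. It swaps the thread's MD5() for PHP's password_hash()/password_verify(); the `$users` array, its field names and the function names are hypothetical stand-ins for a real users table, and the sample account is constructed.

```php
<?php
declare(strict_types=1);

// Dummy hash so unknown account names cost the same verify time as real ones.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function normalize_answer(string $answer): string {
    return strtolower(trim($answer));
}

// Returns a temporary password to deliver to the user, or null on failure.
function reset_password(array &$users, string $name, string $answer): ?string {
    $user = $users[$name] ?? null;
    $ok = password_verify(normalize_answer($answer), $user['answer_hash'] ?? DUMMY_HASH);
    if ($user === null || !$ok) {
        return null;
    }
    $temp = bin2hex(random_bytes(12)); // 96 bits from the OS CSPRNG
    $users[$name]['pw_hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $users[$name]['must_change'] = true; // forces a reset at first login
    return $temp;
}

function login(array $users, string $name, string $password): string {
    $user = $users[$name] ?? null;
    if (!password_verify($password, $user['pw_hash'] ?? DUMMY_HASH) || $user === null) {
        return 'denied';
    }
    return $user['must_change'] ? 'change_required' : 'ok';
}

function change_password(array &$users, string $name, string $new): void {
    $users[$name]['pw_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$name]['must_change'] = false;
}

// Constructed sample data standing in for the users table.
$users = ['alice' => [
    'pw_hash'     => password_hash('forgotten-password', PASSWORD_DEFAULT),
    'answer_hash' => password_hash(normalize_answer('Blue Heron'), PASSWORD_DEFAULT),
    'must_change' => false,
]];

var_dump(reset_password($users, 'alice', 'wrong answer'));
$temp = reset_password($users, 'alice', ' blue heron ');
echo login($users, 'alice', $temp), "\n";
change_password($users, 'alice', 'a-new-passphrase-chosen-by-user');
echo login($users, 'alice', 'a-new-passphrase-chosen-by-user'), "\n";
```

Only salted hashes of the password and the security answer are stored, so nothing in the table can be decrypted and mailed back, which is the point the replies make.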