(Kinda sorta) PHP related: recovering lost passwords

Hi everyone,

I don't post all that often, so I hope my (mildly) off-topic question
won't be too unwelcome...  Keep in mind that I'm still pretty new when
it comes to security, so what I propose may or may not sound incredibly
dumb (you have been warned! :-P)

I'm working on a project in PHP, a toy framework, and would really like
to be able to send someone their password should they ever forget it.
The only problem is that it's best not to store the actual password in
the database, or at least to store it unencrypted.

Security-wise, how would the following scenario work out for password
retrieval:

You ask the user to set up a "security question" when they create their
account. You use the string value of the answer to the question as a
cryptographic key, and encrypt the password with it. You also generate
a random string of characters, and encrypt it with the same key. You
store the encrypted password, along with both the encrypted and
unencrypted versions of the randomly generated string, in the database.

When the user goes to retrieve their password, they enter their security
question. The randomly generated string is then decrypted using the
answer as the key. If it matches the unencrypted version stored in the
database, you know you have the correct answer, and use it to decrypt
the user's password and send it to the email the user has set up for
their account.

James

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
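Editor's note: the following is an added example, not code from the post above. It implements the scheme James describes with ext/sodium (bundled with PHP since 7.2): a key derived from the security-question answer encrypts the password, and a random check string is stored both in clear and encrypted so the answer can be verified before the password is decrypted. The class name `AnswerLockedPassword`, the array record layout and the sample password/answer pair (`hunter2` / `Fido`) are assumptions made for the demo; the guess list at the end is constructed to show what anyone holding a copy of the database can do with the stored record.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post. Implements the proposed scheme:
// key = KDF(answer); stores enc(password), the random check string, and
// enc(check string). Requires ext/sodium (PHP >= 7.2).
final class AnswerLockedPassword
{
    // Normalise the answer so "Fido", " fido " and "FIDO" derive the same key.
    private static function normalise(string $answer): string
    {
        return strtolower(trim((string) preg_replace('/\s+/', ' ', $answer)));
    }

    // Derive a 32-byte secretbox key from the answer with Argon2id and a per-user salt.
    // A slow KDF raises the cost of each guess; it cannot add entropy the answer lacks.
    private static function keyFromAnswer(string $answer, string $salt): string
    {
        return sodium_crypto_pwhash(
            SODIUM_CRYPTO_SECRETBOX_KEYBYTES,
            self::normalise($answer),
            $salt,
            SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
            SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
            SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
        );
    }

    // nonce || ciphertext, so each blob carries what is needed to open it.
    private static function seal(string $plaintext, string $key): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
    }

    private static function open(string $blob, string $key): ?string
    {
        $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $ct    = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $pt    = sodium_crypto_secretbox_open($ct, $nonce, $key);
        return $pt === false ? null : $pt;
    }

    /** Enrolment: returns the record to store in the database (assumed layout). */
    public static function enroll(string $password, string $answer): array
    {
        $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
        $key   = self::keyFromAnswer($answer, $salt);
        $check = bin2hex(random_bytes(16)); // the random string, kept in clear as well
        $record = [
            'salt'         => $salt,
            'check'        => $check,
            'check_enc'    => self::seal($check, $key),
            'password_enc' => self::seal($password, $key),
        ];
        sodium_memzero($key);
        return $record;
    }

    /** Recovery step from the post: decrypt the check string, compare, then decrypt the password. */
    public static function recover(array $record, string $answer): ?string
    {
        $key   = self::keyFromAnswer($answer, $record['salt']);
        $check = self::open($record['check_enc'], $key);
        if ($check === null || !hash_equals($record['check'], $check)) {
            sodium_memzero($key);
            return null; // wrong answer
        }
        $password = self::open($record['password_enc'], $key);
        sodium_memzero($key);
        return $password;
    }
}

// Constructed sample input for the demo.
$record = AnswerLockedPassword::enroll('hunter2', 'Fido');
echo AnswerLockedPassword::recover($record, ' fido ') === 'hunter2'
    ? "correct answer recovers the password\n" : "recovery failed\n";
echo AnswerLockedPassword::recover($record, 'Rex') === null
    ? "wrong answer is rejected\n" : "wrong answer accepted\n";

// Offline check available to anyone holding a copy of the record: every guess
// costs one key derivation and nothing else, with no server-side rate limit.
$guesses = ['rex', 'spot', 'buddy', 'fido']; // constructed guess list
foreach ($guesses as $guess) {
    if (AnswerLockedPassword::recover($record, $guess) !== null) {
        echo "answer found by offline guessing: {$guess}\n";
        break;
    }
}
```

Two things the code makes visible that the description does not. First, with an authenticated cipher such as secretbox the separate check string is redundant: decrypting `password_enc` under a wrong key already fails, so the check adds nothing the tag does not. Second, whichever form the verifier takes, the stored record is an offline test for answer guesses, so the protection of the encrypted password is exactly the guessability of the answer; the Argon2id parameters only set the price per guess.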