Re: (Kinda sorta) PHP related: recovering lost passwords

On 16 August 2011 09:14, James Colannino <james@xxxxxxxxxxxxx> wrote:
> Hi everyone,
>
> I don't post all that often, so I hope my (mildly) off-topic question
> won't be too unwelcome...  Keep in mind that I'm still pretty new when
> it comes to security, so what I propose may or may not sound incredibly
> dumb (you have been warned! :-P)
>
> I'm working on a project in PHP, a toy framework, and would really like
> to be able to send someone their password should they ever forget it.
> The only problem is that it's best not to store the actual password in
> the database, or at least to store it unencrypted.
>
> Security-wise, how would the following scenario work out for password
> retrieval:
>
> You ask the user to set up a "security question" when they create their
> account.  You use the string value of the answer to the question as a
> cryptographic key, and encrypt the password with it.  You also generate
> a random string of characters, and encrypt it with the same key.  You
> store the encrypted password, along with both the encrypted and
> unencrypted versions of the randomly generated string, in the database.
>
> When the user goes to retrieve their password, they enter their security
> question.  The randomly generated string is then decrypted using the
> answer as the key.  If it matches the unencrypted version stored in the
> database, you know you have the correct answer, and use it to decrypt
> the user's password and send it to the email the user has set up for
> their account.
>
> James
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Take a look at https://code.google.com/p/loginsystem-rd/

Whilst it is just a login system, the techniques here could be adapted
and probably learned from (if you are new to security).




-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
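The scheme James describes, written out in PHP as an added example that is not part of the thread or of loginsystem-rd; the function names, the cipher choice and the PBKDF2 key derivation are my assumptions, since the post names none. It assumes PHP 7.1 or later with the openssl extension.

```php
<?php
// Added example (not from the thread): the proposed recovery scheme, written out
// so its properties are visible. Function names and cipher choice are assumptions.

const CIPHER = 'aes-256-cbc';

// Derive a fixed-length key from the security-question answer. The answer is
// low-entropy text, so a slow KDF with a per-user salt is the least one can do.
function keyFromAnswer(string $answer, string $salt): string {
    return hash_pbkdf2('sha256', strtolower(trim($answer)), $salt, 100000, 32, true);
}

// IV is prepended to the ciphertext so each record decrypts on its own.
function encryptBlob(string $plain, string $key): string {
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    return $iv . openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

function decryptBlob(string $blob, string $key) {  // string on success, false otherwise
    $ivLen = openssl_cipher_iv_length(CIPHER);
    return openssl_decrypt(substr($blob, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, substr($blob, 0, $ivLen));
}

// Enrolment as proposed: encrypt the password and a random check string under
// the answer-derived key; store both ciphertexts plus the plaintext check string.
function enrol(string $password, string $answer): array {
    $salt  = random_bytes(16);
    $key   = keyFromAnswer($answer, $salt);
    $check = bin2hex(random_bytes(16));   // constructed random check string
    return ['salt' => $salt, 'enc_password' => encryptBlob($password, $key),
            'check' => $check, 'enc_check' => encryptBlob($check, $key)];
}

// Recovery as proposed: a decrypted check string equal to the stored plaintext
// proves the answer, and only then is the password decrypted. Caveat: the stored
// (check, enc_check) pair lets anyone holding a copy of the table test answer
// guesses offline, and the password itself remains recoverable, so the design is
// bounded by the entropy of the security answer. The usual alternative is to
// store only a password hash and e-mail a single-use reset link instead.
function recover(array $row, string $answer): ?string {
    $key = keyFromAnswer($answer, $row['salt']);
    $got = decryptBlob($row['enc_check'], $key);
    if ($got === false || !hash_equals($row['check'], $got)) {
        return null;                       // wrong answer: reveal nothing
    }
    $pw = decryptBlob($row['enc_password'], $key);
    return $pw === false ? null : $pw;
}

$row = enrol('correct horse', 'Rover');   // constructed sample values
var_dump(recover($row, 'rover') === 'correct horse');  // bool(true)
var_dump(recover($row, 'Fido'));                       // NULL
```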
