On 2011-08-16, at 5:08 AM, Richard Quadling <rquadling@xxxxxxxxx> wrote:

> On 16 August 2011 09:14, James Colannino <james@xxxxxxxxxxxxx> wrote:
>> Hi everyone,
>>
>> I don't post all that often, so I hope my (mildly) off-topic question
>> won't be too unwelcome... Keep in mind that I'm still pretty new when
>> it comes to security, so what I propose may or may not sound incredibly
>> dumb (you have been warned! :-P)
>>
>> I'm working on a project in PHP, a toy framework, and would really like
>> to be able to send someone their password should they ever forget it.
>> The only problem is that it's best not to store the actual password in
>> the database, or at least not to store it unencrypted.
>>
>> Security-wise, how would the following scenario work out for password
>> retrieval:
>>
>> You ask the user to set up a "security question" when they create their
>> account. You use the string value of the answer to the question as a
>> cryptographic key, and encrypt the password with it. You also generate
>> a random string of characters, and encrypt it with the same key. You
>> store the encrypted password, along with both the encrypted and
>> unencrypted versions of the randomly generated string, in the database.
>>
>> When the user goes to retrieve their password, they enter their security
>> question. The randomly generated string is then decrypted using the
>> answer as the key. If it matches the unencrypted version stored in the
>> database, you know you have the correct answer, and use it to decrypt
>> the user's password and send it to the email the user has set up for
>> their account.
>>
>> James
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>
> Take a look at https://code.google.com/p/loginsystem-rd/
>
> Whilst it is just a login system, the techniques here could be adapted
> and probably learned from (if you are new to security).
>
> --
> Richard Quadling
> Twitter : EE : Zend : PHPDoc
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

Never, never send emails with passwords. I have a number of clients who are
requesting that the user answer a security question and then it emails a
link with a defined lifespan which will allow them to change the password.
If they don't click the link in time, it expires and the process starts all
over again.

Bastien
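As an added example (not code from the thread or from either poster), here is the flow Bastien describes, written in PHP 7.1+: the security answer is checked against a stored hash, a random single-use token with a fixed lifespan is minted and only its hash is kept, and an expired token is refused so the user must start over. The user record, the answer "fluffy", the 15-minute lifespan and the in-memory array standing in for a database are constructed values; hashing the stored answer and the stored token is my design choice, not something the thread specifies.

```php
<?php
const RESET_TTL_SECONDS = 900; // link lifespan: 15 minutes (constructed value)

// Constructed stand-in for a database: passwords and security answers are stored only as hashes.
$db = [
    'users' => [
        'james' => [
            'password_hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
            'answer_hash'   => password_hash('fluffy', PASSWORD_DEFAULT),
        ],
    ],
    'reset_tokens' => [], // sha256(token) => ['user' => ..., 'expires' => unix time]
];
// Step 1: verify the security answer; on success mint a random token, store only its hash with an
// expiry, and return the raw token so the caller can embed it in the emailed link.
function issueResetToken(array &$db, string $user, string $answer, int $now): ?string
{
    if (!isset($db['users'][$user]) || !password_verify($answer, $db['users'][$user]['answer_hash'])) {
        return null; // unknown user or wrong answer: no token, nothing emailed
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $db['reset_tokens'][hash('sha256', $token)] = ['user' => $user, 'expires' => $now + RESET_TTL_SECONDS];
    return $token; // travels in the link only, never stored in the clear
}

// Step 2: the user follows the link. The token works once and only before its expiry; an expired
// token is discarded and the user has to start the process over, exactly as Bastien describes.
function redeemResetToken(array &$db, string $token, string $newPassword, int $now): bool
{
    $key = hash('sha256', $token);
    if (!isset($db['reset_tokens'][$key])) {
        return false;
    }
    $record = $db['reset_tokens'][$key];
    unset($db['reset_tokens'][$key]); // single use, valid or not
    if ($now > $record['expires']) {
        return false; // lifespan exceeded
    }
    $db['users'][$record['user']]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Usage: a wrong answer yields no token, a fresh token resets the password, a late token is refused.
$now = time();
var_dump(issueResetToken($db, 'james', 'rex', $now));
$t = issueResetToken($db, 'james', 'fluffy', $now);
var_dump(redeemResetToken($db, $t, 'new-passphrase', $now + 60));
$t2 = issueResetToken($db, 'james', 'fluffy', $now);
var_dump(redeemResetToken($db, $t2, 'another', $now + RESET_TTL_SECONDS + 1));
```

In a real deployment the `$db` array would be a table with the token hash and expiry, and the raw token would go into the link sent to the user's registered address.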