On Wed, Feb 27, 2008 at 1:52 AM, Nasreen Laghari
<nasreen_laghari@xxxxxxxxx> wrote:
> Hi,
>
> I have encrypted password in database and I encrypted using MD5(). As it is a one-way Hash so I cant get password back to original text !!!
>
> What encrypting technique I used to encrypt password so if user forget, I can decrypt password and email it.
There are a bunch you could use, from the sickeningly simple
(ROT-13) to a key-based reversible algorithm (Blowfish/Twofish).
However, your best bet would just be to generate a new, random
password, and email it to the user. Then, when they successfully
retrieve the new password and log in, require them to change their
password. This will also allow them to go back to the password they
were using, should they choose to do so.
ADDED BONUS! Lesson in Terminology: ;-P
Encryption: CAN be decrypted. Blowfish, Twofish, DES, et cetera.
Hash: CAN NOT be "de-hashed". MD5, SHA1, *nix salts, et cetera.
--
</Dan>
Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
