Forgotten password and md5

Forum Moderators: coopster

Message Too Old, No Replies

Forgotten password and md5

can you retrive the password?

neophyte

1:29 am on Jun 28, 2005 (gmt 0)

I've read in a number of places that once you've encrypted a password with an md5 hash, you can't de-crypt it.

So...if one wanted to put a link on a log-in page that says "forgot your password" - which, when clicked, would automatically email the recipient their password - how is this done without keeping a copy of the unencrypted password in the database?

I've seen this "forgot your password" link in many other sites, but how do they accomplish automatically sending a "un-hashed" password if it's already incrypted?

Do these other sites use some other kind of password encryption which can be decrypted on the fly?

Neophyte

Dijkgraaf

2:07 am on Jun 28, 2005 (gmt 0)

Yes, some might use a encryption method which allows it to be decrypted with the correct key.

Others handle it by genererating a new password and e-mailing that to the registered e-mail address (and updating the user database with the new encrypted password).
The user can then log in and set the password to whatever they want.

jatar_k

3:55 am on Jun 28, 2005 (gmt 0)

they probably do use an unencryptable method but it is a foolish thing to do

you never want to know a user's password, assign them a new random one and force them to change it on login.

neophyte

9:52 am on Jun 28, 2005 (gmt 0)

ok. Thanks.

sifredi

9:56 am on Jun 28, 2005 (gmt 0)

Send them a new password.