What would be the point of encrypting if you can decrypt it again?
use some encryption other that md5. Some encryptions are retrievable.
MD5 does the job for my site.
It doesn't need to be reversed, because my site's 'I forgot my password' policy is as follows:
1) User works out password is forgotten.
2) User types their email address into a form.
3) Form add their details to a database and md5(time(),$username,$password,$email) which makes a very unique 'difficult to crack and work out' ID. (database details are email,username,unique id)
4) Email is sent to them asking them to follow a URL.
i.e. resetpassword.php?id=9393290sdj53an04
5) The link is a form which reads the database and allows them to simply reset their password.
Instead of telling them their password, give them the option to change it. Set up a database that has codes for password changing that must be used with 24 hours or they are deleted (for security). And then just change the hash in the user database with the new one.
I don't like two-way encryption. I don't like the fact the when a single person runs the sight, they are too tempted to just decrypt whoevers password they wish.
~Jeremy~
If you want to encrypt something that can only be read by people who are authorized, then use the blowfish encryption algorithm. Then you can define your own passphrase. Only people who know the passphrase can decrypt the string.
