

encrypt and decrypt PROBLEM plss HELP!





kawkazEE
I have a simple CMS. When a user registers, I send him the verification code to confirm that the email is working. I use md5 to register the password he entered, but the problem is when the user forgot his password and wants to request it: how can I send his password if it is not in natural form?

example:


admin = 'kd86sh43wmn211344ffkzg5ff5s4a3y'

Is there a way that I can retrieve the original password? Or is there any other function that I can use? Please help!
hexkid
kawkazEE wrote:
Is there a way that I can retrieve the original password? Or is there any other function that I can use? Please help!

You cannot retrieve the original password.
What you can do is generate a random password, save the hash in the database and send the new password to the user.
Stubru Freak
What would be the point of encrypting if you can decrypt it again?
kawkazEE
stubru... well at least I'm the only one who knows. hehehe

but just like yahoo and others... how come they can still retrieve the original password?
hexkid
kawkazEE wrote:
but just like yahoo and others... how come they can still retrieve the original password?

Because they don't save a 1-way hash of the password into the database.
They either save the password in plain text, or with a reversible "encryption" method.

MD5 and SHA1, for example, are 1-way hash functions.
ROT13 is a reversible "encryption" method.
kv
kawkazEE wrote:

but just like yahoo and others... how come they can still retrieve the original password?


Who said yahoo can retrieve the original password? When you log in, they encrypt the password you gave and compare it with the stored encrypted password. When you lose your password, they reset it to a random password or let you choose a new password. They can store plain text passwords if they want, but their privacy policy is such that they don't.
jabapyth
Use some encryption other than md5. Some encryptions are retrievable.
X3 Talk
MD5 does the job for my site.
It doesn't need to be reversed, because my site's 'I forgot my password' policy is as follows:
1) User works out password is forgotten.
2) User types their email address into a form.
3) Form adds their details to a database and md5(time(),$username,$password,$email) which makes a very unique 'difficult to crack and work out' ID. (database details are email,username,unique id)
4) Email is sent to them asking them to follow a URL.
i.e. resetpassword.php?id=9393290sdj53an04
5) The link is a form which reads the database and allows them to simply reset their password.
jeremyyak
Instead of telling them their password, give them the option to change it. Set up a database that has codes for password changing that must be used within 24 hours or they are deleted (for security). And then just change the hash in the user database with the new one.

I don't like two-way encryption. I don't like the fact that when a single person runs the site, they are too tempted to just decrypt whoever's password they wish.
~Jeremy~
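
The reset-by-link flow described in the two posts above, as an added PHP example that is not part of any poster's message. It assumes in-memory arrays in place of the database tables, hypothetical function names `request_reset` and `complete_reset`, a `random_bytes` code in place of the `md5(time(), ...)` ID, and `password_hash` in place of `md5` for the stored password.

```php
<?php
// Added example: in-memory arrays stand in for the users and reset-code tables (assumption).
$users  = ['kawkazEE' => password_hash('old-secret', PASSWORD_DEFAULT)]; // constructed sample account
$resets = [];  // sha256(code) => ['user' => name, 'expires' => unix time]

// Steps 3-4: draw the code from the CSPRNG, store only its hash, e-mail the raw value.
function request_reset(array &$resets, string $user, int $now): string
{
    $token = bin2hex(random_bytes(32));   // not derived from time(), username or e-mail
    $resets[hash('sha256', $token)] = ['user' => $user, 'expires' => $now + 86400]; // 24 hours
    return $token;                        // value for resetpassword.php?id=...
}

// Step 5: accept a code once, within 24 hours, then replace the stored password hash.
function complete_reset(array &$users, array &$resets, string $token, string $newPassword, int $now): bool
{
    $key = hash('sha256', $token);
    if (!isset($resets[$key])) {
        return false;                     // unknown or already used code
    }
    $entry = $resets[$key];
    unset($resets[$key]);                 // single use; this also deletes an expired code
    if ($now > $entry['expires'] || !isset($users[$entry['user']])) {
        return false;
    }
    $users[$entry['user']] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Constructed walk-through: a valid reset, a replayed code, and a code used after 24 hours.
$now   = time();
$token = request_reset($resets, 'kawkazEE', $now);
var_dump(complete_reset($users, $resets, $token, 'new-secret', $now + 3600));
var_dump(password_verify('new-secret', $users['kawkazEE']));
var_dump(complete_reset($users, $resets, $token, 'again', $now + 3600));
$late = request_reset($resets, 'kawkazEE', $now);
var_dump(complete_reset($users, $resets, $late, 'too-late', $now + 90000));
```

Because only the SHA-256 of the code is stored, someone who reads the reset table cannot turn a row back into a working link.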
yjwong
If you want to encrypt something that can only be read by people who are authorized, then use the blowfish encryption algorithm. Then you can define your own passphrase. Only people who know the passphrase can decrypt the string.