MD5() and email a password reminder

alexei999

I have a login area, all passwords are stored in MySQL database as passwrod = MD5('password')
I am wondering what's the best way of doing a password reminder, normally send out a value of password field isn't gonna make it because it's going to be an encrypted MD5 value.

any help is greatly appreciated
Thanks.

MrAlaska

I haven't dealt with that, yet, but since I store passwords the same way you do (encrypted in the database) my intention is to random generate a new password, change the stored password to the new encrypted one, then send them an email with the new random password along with a link to re-set the password to one of their own.

I am mainly responding to this thread so I will be sure to notice any replies that address issues I might not have thought of g

NiXXeD

Well, sadly, I hope there is no other option. If there was another option, it would mean less security, and would negate any point of using the MD5 function anyway. Changing the user's password and emailing that to them sounds like a great idea to me, users shouldn't forget their password anyway =)