password decryption help

tuf-web_co_uk

well after having a look on google i found that there is no possible way to decrypt an MD5 password, unless you smart people know 1 🙂

seen as MD5 is a one way hash function does anyone know of a password encryption function which lets you decrypt the
password if it is forgotten?!

thanks Jon

planetsim

I do not suggest ever using any function in php that can decrypt a password. You should make a password generator. If you dont know how to make one ive got a pretty average one which i use.

But if you dont really care then you can try mcrypt. You might wanna double check me not 100% sure on that.

jimson

i think maybe you want to give the user password when they forget their log on password.

if the user lost their password

md5('pwd') a new password and store the hash in database if the user reset the password
send the pwd to their registered email
once they log on, they can change their password

so no point to encypt or decrypt here.

em.. how should they reset their password.
prompt for their details in order to reset password.

laserlight

A possible way might be to store both the hashed password and the original password.

Then you would use the hashes to compare, but send the original upon request.

I'm not very sure of the security implications of that though, but since comparing hashes just like that isnt all that secure anyway, it shouldnt matter most of the time.

martyn

Store both as hash then send a new random password on request, safe for all then!

tuf-web_co_uk

thanks for the tips much apreciated 🙂

in the end i decided to email the user a new password using a random pass generator

so i guess this is still safe 😃

thanks Jon