Retrieve lost password

hbradshaw

Hello:

I have a registration form where the user enters a username and password. The password is encrypted and then inserted into a database table.

Now, if a person forgets their password, how do I extract the encrypted password from the database to appear as the original that was typed?

Example: user registers kermit as password. It is encrypted as encryptedword. User loses the password instead of sending an email with encryptedword as the password, the email should state kermit.

Or, is it best to just give the user a brand new password?

Thanks in advance.

laserlight

Or, is it best to just give the user a brand new password?

Yes, that is the best way.

The encryption you're talking about is probably the use of a cryptographic hash, and a property of cryptographic hashes is that one cannot feasibly obtain the pre-image (i.e. input) given the hash.

hbradshaw

Thank you for the reply. I will go the route of giving a new password.