[RESOLVED] MD5

Muncey

Im going to make a script that sends a members password to their email address via them putting in their email.

One problem, my members passwords get auto encrypted, is their anyway to send them the decrypted password?

Thanks in advance.

aspekt9

MD5 cannot be decrypted. You have to send the password to the user before your encrypt it. Perhaps giving us a little code, we can help you out with that task.

Muncey

It's not made yet but when they register the password is encrypted, if they forget i want to send them the password back when they add the email address in.

Ill make the code which will end up sending the md5 password to them via email and see what anybody can do.

Piranha

I guess that you want to have it as a password recovery system? If that is the case generate a new random password, insert the MD5-value into the database and then send the member the new password.

abc123

The fact that the passwords are automatically encrypted is a good thing.

Image if someone gained access to the database. They would have a list of everyones passwords! That would be embarrasing as a developer.

For this reason it is best to store them encrypted with no way to decrypt. If they forget their password then all you can do is what Piranha said. Randomly create a new one and send it to their e-mail address.

leatherback

Of course.. You can than ask them to set their own new password, once they log in with the temporary random password..

Muncey

Ok thanks everybody, i thought that would be the case but i was just checking.

bradgrafelman

Just to clarify some terminology here - MD5 does not "encrypt" anything at all; it's a hashing method, meaning there's no way to reverse the calculation (aka "decrypt").

Don't forget to mark this thread resolved.