Forgotten Password?

Wolphie · November 17, 2007

I don't really understand how this works.

When somebody clicks on "Forgotten Password" and then enter their e-mail address, in my case is the MD5 hash encryption decrypted and then sent via e-mail? If so how would i decrypt the MD5 hash? If not, what other method is there?

Orio · November 17, 2007

You send them a new password. Then you md5 it and store in the db.

Orio.

Wolphie · November 17, 2007

So basically, you reset their password?

Generate a new one, send it to them. MD5 encrypt it and then write it to the database?

Orio · November 17, 2007

Exactly

Orio.

Dragen · November 17, 2007

in my case is the MD5 hash encryption decrypted and then sent via e-mail?

You can't decrypt md5. It's a one way encryption, but what Orio said is probably the easiest way of doing it, without writing your own hashing function.

rarebit · November 17, 2007

You could build a lookup table or use a pre-built one such as http://www.md5decrypter.com/ or http://www.md5encryption.com/.

An extra point is you can add a salt (extra stuff) when doing your hash sum, there's a pretty current thread discussing this at the mo...http://www.phpfreaks.com/forums/index.php/topic,168037.0.html. By using a salt prevents someone from using a 'standard' pre-built lookup table, this would assume someone had access to your password hash table for your sites users.

Sign In

Forgotten Password?

Recommended Posts

Wolphie

Link to comment

Share on other sites

Orio

Link to comment

Share on other sites

Wolphie

Link to comment

Share on other sites

Orio

Link to comment

Share on other sites

Dragen

Link to comment

Share on other sites

rarebit

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information