View previous topic :: View next topic |
Author |
Message |
Tim1681 -
Joined: 17 Jan 2005 Posts: 160 Location: Bristol, CT, USA
|
Posted: Wed Jun 28, 2006 5:00 pm Post subject: MD5 Hash Question |
|
|
I've been thinking about this lately; haven't really gone out and tried finding an answer but:
When you make a PHP Login System, and you include the 'Lost Password' link which then emails you your password; If you have the password MD5 hashed in the Database, how can PHP convert that back into plaintext and email it to you? Is there an 'undo-md5' command that I don't know about? _________________ mysql> SELECT * FROM users WHERE clue > 0;
0 rows returned.
|
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Jun 28, 2006 5:06 pm Post subject: |
|
|
No. They use encryption but allow you to reset your password instead of sending you it. MD5 is an unreversable operation; apparently anyway.
Those that send you it back have some form of encryption in their database that is reversable. Not the best way to store someones password. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Wed Jun 28, 2006 5:08 pm Post subject: |
|
|
EDIT: beaten to it...
The whole idea about MD5 is one way encryption only, you cannot unencrypt a MD5 string. The sites that email you your password to you are probably storing them in plain text.
What you can do through is email a reset code to the user which they have to follow before there password can be retrieved/altered, like phpBB offers. _________________ Olly |
|
Back to top |
|
|
Tim1681 -
Joined: 17 Jan 2005 Posts: 160 Location: Bristol, CT, USA
|
Posted: Wed Jun 28, 2006 5:18 pm Post subject: |
|
|
Yea, that's what I was thinking lol; Thanks guys 8) _________________ mysql> SELECT * FROM users WHERE clue > 0;
0 rows returned.
|
|
Back to top |
|
|
|