| View previous topic :: View next topic |
| Author |
Message |
Tim1681
-
Joined: 17 Jan 2005
Posts: 160
Location: Bristol, CT, USA
|
 Posted: Wed Jun 28, 2006 5:00 pm Post subject: MD5 Hash Question |
 |
|
I've been thinking about this lately; haven't really gone out and tried finding an answer but:
When you make a PHP Login System, and you include the 'Lost Password' link which then emails you your password; If you have the password MD5 hashed in the Database, how can PHP convert that back into plaintext and email it to you? Is there an 'undo-md5' command that I don't know about?
_________________
mysql> SELECT * FROM users WHERE clue > 0;
0 rows returned.
 |
|
| Back to top |
   |
 |
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Wed Jun 28, 2006 5:06 pm Post subject: |
|
|
No. They use encryption but allow you to reset your password instead of sending you it. MD5 is an unreversable operation; apparently anyway.
Those that send you it back have some form of encryption in their database that is reversable. Not the best way to store someones password.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
 |
|
olly86
-
Joined: 25 Apr 2003
Posts: 993
Location: Wiltshire, UK
|
| Posted: Wed Jun 28, 2006 5:08 pm Post subject: |
|
|
EDIT: beaten to it...
The whole idea about MD5 is one way encryption only, you cannot unencrypt a MD5 string. The sites that email you your password to you are probably storing them in plain text.
What you can do through is email a reset code to the user which they have to follow before there password can be retrieved/altered, like phpBB offers.
_________________
Olly |
|
| Back to top |
|
|
Tim1681
-
Joined: 17 Jan 2005
Posts: 160
Location: Bristol, CT, USA
|
| Posted: Wed Jun 28, 2006 5:18 pm Post subject: |
|
|
Yea, that's what I was thinking lol; Thanks guys 8)
_________________
mysql> SELECT * FROM users WHERE clue > 0;
0 rows returned.
|
|
| Back to top |
|
|
|
