List:General Discussion« Previous MessageNext Message »
From:Vivek Khera Date:November 2 1999 9:56pm
Subject:Re: Storing passwords
View as plain text  
>>>>> "P" == PinkeshP  <PinkeshP@stripped> writes:

P> I have a table of username and passwords. I want to encrypt the
P> password beforing storing in to table. I have no problem upto that
P> part. But lets say user forgot the password and I want to email

Use an encryption scheme that is reversible, ie, DO NOT use a hash
function like crypt() or md5.  It sounds like that's what you are
doing right now.

Then you can decrypt their passwords at will, using your own super
secure password that encrypted all of them using your reversible
encryption scheme.  At this point you might as well just store them
as plain text...

Simple, eh?  Just don't forget your password's password. ;-)

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@stripped       Rockville, MD       +1-301-545-6996
PGP & MIME spoken here            http://www.kciLink.com/home/khera/
Thread
Storing passwordsPinkeshP3 Nov
  • Re: Storing passwordsVivek Khera3 Nov
  • Re: Storing passwordsGraeme B. Davis3 Nov
Re: Storing passwordsEd Carp3 Nov