edkim80
asked on
forgot your password? we will tell you what it is....how?
Whenever I make a user registration site or something else that requires a password, I encrypt it so that in the database, it is unreadable.
If someone forgets, the encryption is one way so it cannot be decrypted. In order to get them back in, i would need to reset the password to something I know, and then have them change their password later.
Does this mean that every website that is able to tell you what your password was when you forgot uses 2 way encryption (encrypt + decrypt, aka administrator could decrypt your password if he wanted to see what it was) or stores your password in plain text? Is there anyway scheme setup so that only users are able to decrypt their own password, kinda like a public/private key?
If someone forgets, the encryption is one way so it cannot be decrypted. In order to get them back in, i would need to reset the password to something I know, and then have them change their password later.
Does this mean that every website that is able to tell you what your password was when you forgot uses 2 way encryption (encrypt + decrypt, aka administrator could decrypt your password if he wanted to see what it was) or stores your password in plain text? Is there anyway scheme setup so that only users are able to decrypt their own password, kinda like a public/private key?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
er, thanks, and good luck (that was quick)
<oops> I see a mistake on my first paste, so to claify my first response it should have been a
> Is there anyway scheme setup so that only users are able to decrypt their own password,
yes
<oops> I see a mistake on my first paste, so to claify my first response it should have been a
> Is there anyway scheme setup so that only users are able to decrypt their own password,
yes
ah, simultaneous postsing
edkim80 > why point me to the Perl section,
the mistake. (or subconscious mindreading - some use perl to store passwords, and not even encrypt them. But the link was for posting to another question, stuck in the clipboard)
> then say yes?
that I restated in the last comment (there's more than one scheme that can be set up, and all too many seem to be clueless about that)
edkim80 > why point me to the Perl section,
the mistake. (or subconscious mindreading - some use perl to store passwords, and not even encrypt them. But the link was for posting to another question, stuck in the clipboard)
> then say yes?
that I restated in the last comment (there's more than one scheme that can be set up, and all too many seem to be clueless about that)
ASKER
SunBow.. i don't understand,
why point me to the Perl section, then say yes?