On Tue, 26 Nov 2002 16:16:22 -0500
"Stephen" <webm...@melchior.us> wrote:
> I would like to make a "Lost Password" part to my member's area script
> but the problem is, the passwords in the database are encrypted using
> the password function. How could I decrypt it for a lost password
> thing?
>
> Thanks,
> Stephen Craton
> http://www.melchior.us
>
> "Life is a gift from God. Wasting it is like destroying a gift you got
> from the person you love most." -- http://www.melchior.us
--
Tom Woody
Systems Administrator
NationWide Flood Research, Inc.
phone: 214-631-0400 x209
fax: 214-631-0800
Don't throw your computer out the window,
throw the Windows out of your computer!
1) Please do not use HTML mail when posting to mailing lists.
2) Try to give more information about your problem -- what database are you
using?
Read this thread:
http://marc.theaimsgroup.com/?l=php-general&m=102797825404282&w=2
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
/*
He thinks the Gettysburg Address is where Lincoln lived.
-- Wanda, "A Fish Called Wanda"
*/
You don't. You create some sort of mechanism to allow them to change
their password.
Chris
For example (insert into bla password('$password'));
and
after selecting the password you can use it, and there is no need to
encrypt/decrypt the value.
echo(password('password')); will write the real value...
>> I would like to make a "Lost Password" part to my member's area script
>> but the problem is, the passwords in the database are encrypted using
>> the password function. How could I decrypt it for a lost password thing?
CB> You don't. You create some sort of mechanism to allow them to change
CB> their password.
CB> Chris
Özgür
em...@graph-ist.com
Well it depends on what encryption mechanism is used, but this might help
you out (bruteforce password cracking)
http://freshmeat.net/projects/john/?topic_id=43%2C44%2C253%2C857%2C861
About:
John the Ripper is a fast password cracker, currently available for many
flavors of Unix (11 are officially supported, not counting different
architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak
Unix passwords, but a number of other hash types are supported as well.
--
When you see an attachment, please block me in your mail-client!
begin foutlook.exe
.-"""-. [ Wijnand "doolhofje" Modderman ] [ wij...@modderman.net]
/* * * *\ [ http://doolhofje.com ][ IRCNet #linuxhelp, #netherlands ]
:_.-:`:-._; [ I always think carefully first before I say something stupid ]
(_)
__\|/(_)\|/________________________________________________________
You can't. Well that depends what method you used to create the
passwords, but most likely you used a one-way encryption.
How to solve the problem then?
1. User clicks link 'Forgot my password'
2. Generate a one-time password for this user. Do not change the user's
ordinary password yet.
3. Send mail to user with the one-time pw. This must be a verified
mail address.
4. Let the user enter his login/mail address and the one-time pw to
login.
5. Let the user enter a new pw. Then update the dB.
That's one way to do it with reasonable security.
Regards
Joakim
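
The five steps listed above, sketched in PHP as an added example that is not part of the original thread. Assumptions: the `users`/`resets` tables, the function names `start_reset` and `finish_reset`, the 15-minute expiry, and an in-memory SQLite database through PDO standing in for the poster's database; the new password is stored with PHP's `password_hash()` rather than the database password function the thread discusses.

```php
<?php
// Added example (not from the thread). Schema and function names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE resets (user_id INTEGER PRIMARY KEY, token_hash TEXT, expires INTEGER)');

// Step 2: issue a one-time password. The ordinary password is not changed.
function start_reset(PDO $db, string $email): ?string {
    $q = $db->prepare('SELECT id FROM users WHERE email = ?');
    $q->execute([$email]);
    $id = $q->fetchColumn();
    if ($id === false) {
        return null; // unknown address: caller shows the same page either way
    }
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    // Store only a hash of the token, so a database leak does not expose it.
    $db->prepare('REPLACE INTO resets (user_id, token_hash, expires) VALUES (?, ?, ?)')
       ->execute([$id, hash('sha256', $token), time() + 900]);
    return $token; // Step 3: mail this to the address already verified
}

// Steps 4 and 5: check login + one-time password, then store the new password.
function finish_reset(PDO $db, string $email, string $token, string $newPw): bool {
    $q = $db->prepare('SELECT u.id, r.token_hash, r.expires FROM users u
                       JOIN resets r ON r.user_id = u.id WHERE u.email = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int)$row['expires'] < time()
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false; // no pending reset, expired, or wrong one-time password
    }
    $db->prepare('UPDATE users SET pw_hash = ? WHERE id = ?')
       ->execute([password_hash($newPw, PASSWORD_DEFAULT), $row['id']]);
    // Single use: delete the token once it has been spent.
    $db->prepare('DELETE FROM resets WHERE user_id = ?')->execute([$row['id']]);
    return true;
}

// Constructed sample account and run-through: wrong token, right token, reuse.
$db->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)')
   ->execute(['user@example.org', password_hash('old-secret', PASSWORD_DEFAULT)]);
$token = start_reset($db, 'user@example.org');
var_dump(finish_reset($db, 'user@example.org', 'wrong-token', 'new-secret'));
var_dump(finish_reset($db, 'user@example.org', $token, 'new-secret'));
var_dump(finish_reset($db, 'user@example.org', $token, 'again'));
```

The old password keeps working until step 5 completes, so a reset requested by someone else does not lock the account owner out.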