[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-windows
Subject:    Re: [PHP-WIN] crypt() with decription
From:       77.181.216.215
Date:       2007-12-04 17:32:08
Message-ID: D1.23.27173.C1F85574 () pb1 ! pair ! com
[Download RAW message or body]

I can only agree Bill and Elizabeth.

@Nishantha:
Do you only need a password-recovery function for registered users? Then 
simply create an random-string, save it in an extra column of your Data 
Stock and give it to the user. Also you can  - as Elizabeth wrote - use an 
two-way-decryption and give the user the decrypted version. But that'll open 
a huge securityhole in your application. Fact: Users will use the same 
password in different systems. So first: Can and will the User trust you? 
Second: Can you trust the people that can look into the database/file/stock? 
Third: Can you by 100% trust your sourcecode, so that never a third party 
hacks your system and decryps all passwords?

I would ever prefer an one-way-function when the project afford it.

-- 
Mit freundlichen Grüßen / Best Regards

Oliver Espeter

""Bill Bolte"" <billb@hightouchinc.com> schrieb im Newsbeitrag 
news:013FC758865CF645976E313AEB6A709905FB9A24@htmail.hightouchinc.com...
There isn't a way to un-encrypt it, it's a one-way encryption
(http://www.php.net/manual/en/function.crypt.php). The user will have to
recreate their password.

-----Original Message-----
From: Nishantha Pradeep [mailto:nishantha@bcsc.lk]
Sent: Monday, December 03, 2007 9:15 PM
To: php
Subject: [PHP-WIN] crypt() with decription

I used php crypt() function to encript password (as a simple encryption)
but
how I decrypt that encrypted password because I want to send the
password to
the user when it requested. 

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]