This might be a stupid question and if so then humor me with a smart remark and the answer :) I want to have a feature on my site that allows me to email forgotten passwords back to the user (like what Backpack does). Now I'm currently encrypting the user's password + salt before saving to the database using code borrowed from the LoginGenerator. The question I have is: is there any way to get the user's password back after it's been SHA1'ed, or do I have to store the user's password as plain text in the database? If I have to store it in plain text, isn't that a bit insecure? And if so, why does Backpack (and I'm assuming others) do it? If I want to have the password encrypted in the database, is my only option to change their password to a new value? Thanks!
on 2006-01-09 03:12
on 2006-01-09 03:31
On Mon, Jan 09, 2006 at 02:12:21AM +0100, Gerry Shaw wrote:

> in the database?
>
> If I have to store it in plain text, isn't that a bit insecure? And if so
> why does Backpack (and I'm assuming others) do it?
>
> If I want to have the password encrypted in the database, is my only
> option to change their password to a new value?
>
> Thanks!

Nope, you can't un-SHA1 the password. The only way to send it back is to store it plain text (or use encryption, which is fairly pointless). It's marginally less secure, if someone gets access to your database; at which point they've got all the data anyway. It's a tradeoff of convenience for a slight decrease in security.

-Scott
on 2006-01-09 03:34
Thanks for the sanity check (and quick reply). Just checking to make sure I wasn't missing anything obvious.
on 2006-01-09 03:37
For security reasons I've always taken the approach of using an algorithm to generate a new strong password, change the user's password, and then email that to the user. I think most users will appreciate the fact that you've created a new secure password for them. At least it gives them a feeling that their password is not out in the open. Michael T.
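The approach Michael T. describes (salted SHA1 storage, verify on login, and on "forgot password" replace the digest with a fresh random password rather than trying to recover the old one), as an added Ruby example that is not from the thread or from the LoginGenerator; the `--salt--password--` digest format, the `User` struct and the 12-character password length are assumptions.

```ruby
require 'digest/sha1'
require 'securerandom'

# Salted SHA1 in the style the LoginGenerator used (exact format is an assumption).
# A deliberately slow hash (bcrypt/scrypt/argon2) is the better choice today.
def hash_password(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

def new_salt
  SecureRandom.hex(16)
end

# Minimal in-memory stand-in for the users table (constructed for this example).
User = Struct.new(:email, :salt, :hashed_password)

def create_user(email, password)
  salt = new_salt
  User.new(email, salt, hash_password(password, salt))
end

# Login check: re-hash the candidate with the stored salt and compare digests
# without short-circuiting on the first differing byte.
def authenticate(user, password)
  candidate = hash_password(password, user.salt)
  return false unless candidate.bytesize == user.hashed_password.bytesize
  candidate.bytes.zip(user.hashed_password.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# New strong random password from a CSPRNG, as in Michael T.'s approach.
def generate_password(length = 12)
  alphabet = [*'a'..'z', *'A'..'Z', *'0'..'9']
  Array.new(length) { alphabet[SecureRandom.random_number(alphabet.size)] }.join
end

# "Forgot password": the digest cannot be reversed, so overwrite it with the
# hash of a fresh password (re-salting at the same time). The plaintext is
# returned once, only so the caller can email it; it is never stored.
def reset_password!(user)
  new_password = generate_password
  user.salt = new_salt
  user.hashed_password = hash_password(new_password, user.salt)
  new_password
end
```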