Reply to Re: Lost password + MD5 ?

Posted by Volker Hetzer on 09/02/05 17:50

frizzle wrote:
> Hi there,
>
> I've read in a few places that you should *never*
> store original passwords in a mySQL DB.
> Now I wonder if you encrypt it (with MD5 ?), how should
> I create a lost password function, so the pass could be
> sent to a corresponding e-mail address?
Very simple. You can't. And that's the way it's supposed to be.
That's what the hash function is for.

So you do what everybody else does that has a clue about security:
You assume that someone else is out for someone's password.
So you block the account and send a special short-lived link where
they can choose a new password. This link obviously gets sent
to the email in the blocked account and not to one given by the
user interested in the password. As the other guy said, you need
to put in some token so that that kind of link can't be reused
for an attack. Keep tabs on the currently open and expired
tokens to prevent replays. Make it hard to predict the value of
the next token by using cryptographically strong random numbers.
If you are serious, ask in sci.crypt.

Lots of Greetings!
Volker
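The flow Volker describes above (lock the account, issue a short-lived token from a cryptographically strong random source, send it only to the email already on record, and refuse expired or already-used tokens), written out as an added Python example. This is not code from the original post or thread; the in-memory "database", the 15-minute lifetime and the PBKDF2 password hashing are constructed assumptions standing in for whatever a real deployment would use.

```python
import hashlib
import hmac
import secrets
import time

# Constructed assumption: how long a reset link stays valid.
TOKEN_TTL_SECONDS = 15 * 60
PBKDF2_ROUNDS = 200_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the clear-text password is never stored."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class ResetService:
    """In-memory stand-in for the accounts and reset-token tables (constructed)."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested deterministically
        self.accounts = {}          # username -> {email, salt, digest, locked}
        self.tokens = {}            # sha256(token) -> {user, expires, used}

    def add_account(self, username, email, password):
        salt, digest = hash_password(password)
        self.accounts[username] = {"email": email, "salt": salt,
                                   "digest": digest, "locked": False}

    def request_reset(self, username):
        """Lock the account and issue a single-use token.

        Returns (email_on_record, token). The address comes from the stored
        account, never from the party asking for the reset. The caller mails
        the link; only a hash of the token is kept server-side, so a leaked
        token table does not hand out usable links."""
        acct = self.accounts.get(username)
        if acct is None:
            return None, None  # caller should answer identically either way
        acct["locked"] = True
        token = secrets.token_urlsafe(32)  # CSPRNG, 256 bits: not predictable
        self.tokens[hashlib.sha256(token.encode()).hexdigest()] = {
            "user": username,
            "expires": self.clock() + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return acct["email"], token

    def complete_reset(self, token, new_password):
        """Consume the token exactly once; expired or replayed tokens fail."""
        rec = self.tokens.get(hashlib.sha256(token.encode()).hexdigest())
        if rec is None or rec["used"] or self.clock() > rec["expires"]:
            return False
        rec["used"] = True  # kept, not deleted, so replays are visible in the log
        acct = self.accounts[rec["user"]]
        acct["salt"], acct["digest"] = hash_password(new_password)
        acct["locked"] = False
        return True

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None or acct["locked"]:
            return False
        return verify_password(password, acct["salt"], acct["digest"])
```

Two points the code makes concrete: the account stays locked between the request and a successful reset, so an attacker who triggered the reset cannot keep guessing at the old password meanwhile, and the token record is marked used rather than removed, which gives the replay check Volker asks for and leaves an audit trail.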


