1

So I have been learning quite a bit about PHP and Mysql, and I was wondering about something. Let's say I was going to make a database storing just usernames and passwords (keeping the example simple). I know that it's not safe to store passwords without encrypting them because someone might hack into the database.
So I use an MD5 hash or something even safer and store the passwords encrypted, then one of my users has forgotten their login information and they would like to retrieve it by email.

If I'm using a one-way encryption method like MD5 or a better one, how am I supposed to send the user their login information if their password is encrypted and no way to decrypt it?
I would guess that for this purpose (by which I mean the retrieving part) is there another way, or at least another place, where the passwords are stored just for this?

I would be glad if anyone could suggest a method for storing this information safely but in such a way that if one of my users forget their login there's a way for me to email them back safely. Or how is a problem like this dealt with nowadays?
And from what I have read MD5 hash was hacked already so a better encrypting hash or method would be nice too.

Kevin
  • 53,822
  • 15
  • 101
  • 132
Csak Zoli
  • 408
  • 1
  • 4
  • 11
  • 2
    Simple rule of thumb. If you can unencrypt it to send it to the user - the hackers can – BugFinder Oct 16 '12 at 13:04
  • Yea that's why i'm looking for a good method to keep the information safe but deal whit the problem also. – Csak Zoli Oct 16 '12 at 13:06
  • Keeping it short, give them a unique link in email, then allow them to reset it. No one needs to know what the actual password was. – itachi Oct 16 '12 at 13:08

5 Answers5

5

Then how am I supposed to Send the user their log in information if their password is encrypted and no way to decrypt it?

You aren't. You should never send a user's password to them.

If a user wants to reset their password then:

  1. Generate a random token
  2. Store that token in a database with a time stamp and the user id
  3. Email the token to the user
  4. When the user visits a page using the token, allow them to enter a new password
  5. Delete the token after it has been used
  6. Delete the token if it is not used within a time period (e.g. 3 hours)

And from what I read MD5 hash was hacked already so a better encrypting hash or method would be nice to.

See the PHP manual, this is a FAQ.

See also, OWASP

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
1

First, don't use MD5. Read this question I posted a while ago, it includes lots of useful links Improve password hashing with a random salt

Then, if you hash the users passwords (which is strongly recommended), you simply can't send them back the password. Send them a reset password link and allow them to set a new password. It is as simple as that.

Community
  • 1
  • 1
Tchoupi
  • 14,560
  • 5
  • 37
  • 71
1

If You can easily decrypt the password then others can do this too, and System will be insure

The better approach is that you generate new password on user request & update password by using some random string and send the user updated (UN-encrypted) password via mail and store it as after encryption (e.g md5) in database... You can generate random password using my following method

<pre>
  <?php
    $randstr = "";
         for($i=0; $i<10; $i++)
           {
            $randnum = mt_rand(0,61);
             if($randnum < 10)
             $randstr .= chr($randnum+48);
             else if($randnum < 36)
                  $randstr .= chr($randnum+55);
             else
                  $randstr .= chr($randnum+61);
          } 
     $original_pass=$randstr;  //Send it via E-mail
     $encrypted_pass=md5($randstr); //Store it in Database 
      ?>

You can also use combination of different encryption algorithms by using md5 on first three letters and sha1 on next two and some other on next letters and restrict user to a password of at-least 6 letters or more However, there are some encryption algorithms and you can use them for de-cryption by providing secret key, But Other people knowing that secret key will decrypt them too...

You can also encrypt Secret Key and then store it in database and use it to decrypt password after decrypting Secret Key via some other key.... But it will increase processing time and There will be Time Complexity Issue.

Umair Aziz
  • 1,518
  • 1
  • 19
  • 29
0

I think you're going along the right lines by storing a hash of their password rather than the password itself.

If they forget it, I agree that because you only have a hash you cannot show them a screen with their password on it. However you can send them an email which links to a page which allows them to reset their password.

PeteH
  • 2,394
  • 1
  • 20
  • 29
0

You could simply just create a random password and send them an activation link that would activate that password.

I would suggest you use something other than md5 or use md5 with a salt or something along those lines because if the password is too simple there are many online tools that can give you the string of an md5. By the way a salt is basically a set of keys that you would add to the password to make it harder to get.

Musbah
  • 111
  • 1
  • 9