-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Unfortunately... if you store the passwords' hashes instead of the
passwords themselves, there's no way you can get them back. SHA1 is
designed to prevent you from doing that.
Usually either you mail them a new password to their alternate email
address, or you authenticate them using questions if the user doesn't
have any alternate email address. Hotmail does a good example of the
latter (questions like "how many folders do you have in your account?"
"what's your pet name" etc. etc.)
DDK wrote:
| I really wish there were some examples explaining how to create a forgot
| password email link system when you encrypt a password in a database
and use
| ASP.NET/C# preferably. Since the password is encrypted in SHA1, I can't
| just send a user their password by email. So I'm not sure the best way to
| accomplish a forgot password module when the password is encrypted in the
| database. I've tried to find info on this but have not found anything
that
| really talks about this. Any help, links, or book suggestions would be
| greatly appreciated.
|
| Thanks,
| d.
|
|
- --
Ray Hsieh (Djajadinata)
ray underscore usenet at yahoo dot com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird -
http://enigmail.mozdev.org
iD8DBQE/nJaNwEwccQ4rWPgRAsWTAJ9RbdeXIOx353JP4CON3G14eSfPRw CdG69h
C795KdGFBAbXX7bxuRcn1sc=
=sb9E
-----END PGP SIGNATURE-----
