[thelist] hashing stored passwords (revisited)
Gary McPherson
genyus at ingenyus.net
Wed Jun 25 18:23:10 CDT 2003
> simple. just generate a new, random password, hash it, and
> stuff it in the database. take this newly created password
> and email it to the email account on record. give them a
> lookup by both username and email address. make sure to
> constrain accounts so there are no duplicates of either.
>
> .jeff
I'm developing an application which could make good use of password
hashing, had a look at Jamie's earlier suggestion which made sense - but
yours seems to involve a _lot_ less work to implement. As I am
generating random passwords sent via email (to validate their email
addresses) and forcing them to reset on first login, I could simply
repeat the process for forgotten passwords.
Unless anyone can think of a good reason not to?
Gary
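The flow discussed in this thread, as an added example that is not part of the original messages: a random password stored only as a hash, unique username and email, lookup by either, and a forced reset on first login. The table layout, function names, SQLite and salted PBKDF2-HMAC-SHA256 are assumptions of the example; the thread names neither a hash nor a database.

```python
import hashlib, hmac, secrets, sqlite3

def _hash(password, salt):
    # Salted PBKDF2 is this example's choice; the thread only says "hash it".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def open_db():
    db = sqlite3.connect(":memory:")
    # UNIQUE on both columns: no duplicate usernames or email addresses.
    db.execute("""CREATE TABLE users (
        username TEXT NOT NULL UNIQUE, email TEXT NOT NULL UNIQUE,
        salt BLOB NOT NULL, pw_hash BLOB NOT NULL, must_reset INTEGER NOT NULL)""")
    return db

def _store(db, username, password, must_reset):
    # A fresh salt on every change; only salt and hash reach the database.
    salt = secrets.token_bytes(16)
    db.execute("UPDATE users SET salt=?, pw_hash=?, must_reset=? WHERE username=?",
               (salt, _hash(password, salt), must_reset, username))

def register(db, username, email):
    """Create the account; return the random password to email (never stored)."""
    db.execute("INSERT INTO users VALUES (?, ?, x'', x'', 1)", (username, email))
    temp = secrets.token_urlsafe(12)
    _store(db, username, temp, 1)
    return temp

def forgot_password(db, identifier):
    """Look up by username or email; return (email, new_password) or None."""
    row = db.execute("SELECT username, email FROM users WHERE username=? OR email=?",
                     (identifier, identifier)).fetchone()
    if row is None:
        return None
    temp = secrets.token_urlsafe(12)
    _store(db, row[0], temp, 1)  # same path as signup: forces a reset at next login
    return row[1], temp

def set_password(db, username, new_password):
    """Called after a successful login with a temporary password."""
    _store(db, username, new_password, 0)

def login(db, username, password):
    """Return 'denied', 'must_reset' or 'ok'."""
    row = db.execute("SELECT salt, pw_hash, must_reset FROM users WHERE username=?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(_hash(password, row[0]), row[1]):
        return "denied"
    return "must_reset" if row[2] else "ok"
```

Because `forgot_password` overwrites the working hash immediately, anyone who knows a username or email address can force a reset on that account, and the replacement password sits in the mailbox in plaintext until first login.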