[thelist] hashing stored passwords (revisited)

ted serbinski tss24 at cornell.edu
Wed Jun 25 15:11:55 CDT 2003


> > So aside from him being able to use a user's password on another site
> > or for a different resource where the same username/password combo
> > existed, does it enhance the security of a website at all?

The only question I have with hashing a password is, what if a user forgets
his/her password?

The only way I can think of to fix this error is to have the user enter a
secret question/answer, but to me, that doesn't seem too secure at all (I
mean if the answer is just some word like "denver" that wouldn't be too hard
to crack).

So how do you guys get around this? I'm looking to implement hashing in a
future project and this was the only problem I couldn't really figure out.
Thanks.

ted



