[thelist] hashing stored passwords (revisited)
Aredridel
aredridel at nbtsc.org
Wed Jun 25 18:40:51 CDT 2003
> I'm developing an application which could make good use of password
> hashing, had a look at Jamie's earlier suggestion which made sense - but
> yours seems to involve a _lot_ less work to implement. As I am
> generating random passwords sent via email (to validate their email
> adresses) and forcing them to reset on first login, I could simply
> repeat the process for forgotten passwords.
Sounds good to me -- that still leaves your weakest link as the user's
email -- quite acceptable for most web-based systems.
>
> Unless anyone can think of a good reason not to?
>
> Gary
>
More information about the thelist
mailing list