[thelist] hashing stored passwords (revisited)

Aredridel aredridel at nbtsc.org
Wed Jun 25 18:40:51 CDT 2003


> I'm developing an application which could make good use of password
> hashing, had a look at Jamie's earlier suggestion which made sense - but
> yours seems to involve a _lot_ less work to implement. As I am
> generating random passwords sent via email (to validate their email
> adresses) and forcing them to reset on first login, I could simply
> repeat the process for forgotten passwords.

Sounds good to me -- that still leaves your weakest link as the user's
email -- quite acceptable for most web-based systems.

> 
> Unless anyone can think of a good reason not to?
> 
> Gary
> 



More information about the thelist mailing list