"Dan McCullough" <[EMAIL PROTECTED]> wrote: > Is there away to take a md5 encrypted password and decrypt it and give that to the client, if they > fogot their password.
Short answer is no, long answer below. I just answered this on another list 10 minutes ago so I'm pasting in part of my reply unedited. You could use something like John the Ripper, which is a password cracker you can install on the server. It works by taking a list of words, word-number combinations, etc. from a dictionary and encrypting them, then comparing the encrypted results with the encrypted passwords stored on your server. If there's a match it notes the cracked password. It's good for detecting weak passwords and can actually detect them very quickly, but if the passwords are strong then it's not effective for your purposes (that's a good thing) since by the time it cracked the password (if it did) your user would have likely taken their business elsewhere. On a few servers I manage I run it periodically to check for weak passwords, then I contact the users with weak passwords and ask that they change them. John the Ripper: http://www.openwall.com/john/ -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
