unfortunately, we've been requested to offer our users the ability to get an email sent to their registered account, their password .. if they have forgotten their password.
"Click here if you have forgotten your password"
So - t开发者_JAVA技巧his means i need to be able to DECRYPT the password. I don't like it, but that's the requirements. I'm used to use a SALT and HASHING a password with SHA1. then storing the salt and the hashed password into the repository.
Not sure what I should be doing if I wish to store the password which can be decrypted now. Is it more or less the same, but I should use AES instead?
Would love some help (and preferably code samples in .NET).
Cheers!
NOTE: Please don't turn this thread into a topic about HASHING vs DECRYPTING vs OpenAuth.
You can do one of the following:
- Change the user's password temporarily and email the user the new password, which he is required to change in the next login.
- Have a functionality to reset the password instead. It is quite similar to the first option, but instead you need to create a temporary token and send that to the user as a link.
- If you really, really need to encrypt the password and send it to the user over plaintext, then you need to find a good encryption scheme to protect the passwords while they're in the database. You can simply create a random key or a derived key using Rfc2898DeriveBytes and then you can use AES combined with HMAC (for verification) to encrypt and store the password. Your application needs to be aware of this key to be able to decrypt the data, which is a security risk. Possibly you can store this key in the web.config file or something similar which should never be accessible from the outside and protect it using DPAPI or the RSAKeyContainer.
If you go with option 1 or 2, you don't need to be able to decrypt the password, so you can use a hash + salt, which will be the most secure method.
Considering that password will be traveling unencrypted over internet, high security encryption may event not be that relevant. But in any case AES should be sufficient.
Still want to ask - was there an option on the table to allow users to reset passwords rather than receive them via e-mail?
精彩评论