password-recovery

I need to implement a Forgot Password page, but my passwords are salted & hashed. So I can't retrieve them conventionally. My idea was to do the following: When an user clicks the Forgot Password link, they naturally need to type in their email address (which is also their username). Their password gets reset to a hashed & salted password i made. Then, i send an email to them which contains a link to a new page where they can type in their new password. The link contains the new hashed & salted password (as a $_GET variable) which is just for authentication purposes. I just grab the $_GET

I'm trying to make a validation process for a password reset, what i've used are two values: the epoch time, and i want to use the users's old password (pbkdf2) as a key, Since i dont want to get non ASCII characters, i've used SimpleEncode library because it's fast since it's only a BASE64 with a key used, but the problem is that the password is too long (196 chars) so i get a long key! What i've done is split the result code = simpleencode.encode(key,asci)[::30] , but this will not be unique! To get an idea how it works, i've tried Facebook reset process, but what is given is a number! so

Does anyone have a solution (sample code) for the following features: Create a randomGuid/Cryptographically strong random number Send a unique URL containing the random number to the user's email address When confirmed, the user is asked to change password My provider is currently parametrized this way: enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="true" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"

is there a way to recover a password from local cache? The password has to be stored somewhere because I can run svn co http://my.svn.server/foo but I've lost the password it self. Do I have to reset it or is it possible (and how) to find and decrypt the password? I'm using mostly CLI SVN on windows, sometimes switching to TortoiseSVN or IntelliJ Idea SVN. Stefan On Windows, Subversion stores the auth data in %APPDATA%\Subversion\auth . The passwords however are stored encrypted, not in plaintext. You can decrypt those, but only if you log in to Windows as the same user for which the auth data

As far as I can think, there are two reasonable ways to reset a user's forgotten password. Have the user enter their email address and a new plaintext password is sent to their email address. A link is sent to their email address which has a UID number in the URL. Clicking on this takes the user to a form on the website where they can choose there own new password. Which method is preferable and why? If method 1 is used, perhaps a third party could read the email and obtain the new password. If method 2 is used, what is to stop someone methodically going through UID codes to try and access the