Jun 3rd, 2010, 02:29 AM
Best password encryption option if I need to decode?
I'm building a web app using Spring and Spring Security for the middle tier.
As part of this web app I want to include a facility that allows users who have forgotten their password to be sent an email that includes the plain text password.
To date I have been using the 'Md5PasswordEncoder' but this apparently doesn't support decoding of encrypted passwords.
What's the best encryption option for what I am seeking?
Jun 3rd, 2010, 03:32 AM
The weakness isn't in the choice of encryption algorithm - it's the fact that you then need to protect an encryption key and prevent it falling into the wrong hands.
You should use a password reset link in preference to sending plaintext passwords.