Thread: Best password encryption option if I need to decode?

  1. #1
    Join Date
    Oct 2006
    Posts
    100

    Best password encryption option if I need to decode?

    I'm building a web app using Spring and Spring Security for the middle tier.

    As part of this web app I want to include a facility that allows users who have forgotten their password to be sent an email that includes the plain text password.

    To date I have been using the 'Md5PasswordEncoder' but this apparently doesn't support decoding of encrypted passwords.

    What's the best encryption option for what I am seeking?

  2. #2
    Luke Taylor, Senior Member, Acegi Security System Team, Spring Team
    Join Date
    Aug 2004
    Location
    Glasgow, Scotland
    Posts
    3,449


    The weakness isn't in the choice of encryption algorithm - it's the fact that you then need to protect an encryption key and prevent it falling into the wrong hands.

    You should use a password reset link in preference to sending plaintext passwords.
    Spring - by Pivotal
    twitter @tekul
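
A minimal sketch of the password reset link approach recommended in the reply above, added here as an example; it is not code from the thread or from Spring Security. The class and method names, the 30-minute lifetime, the placeholder URL and the in-memory map (standing in for a database table) are assumptions, and it needs Java 16+ for records. Only a SHA-256 hash of the random token is stored, so there is no decryption key to protect and nothing in storage that can be turned back into a usable secret.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: issues single-use, expiring password reset tokens.
public class PasswordResetTokens {
    private record Pending(String username, Instant expiresAt) {}
    private static final Duration LIFETIME = Duration.ofMinutes(30); // assumed policy
    private final SecureRandom random = new SecureRandom();
    // Stand-in for a database table, keyed by the token's hash (never the token itself).
    private final Map<String, Pending> pendingByHash = new ConcurrentHashMap<>();

    // Returns the raw token to embed in the emailed link; only its hash is kept.
    public String issue(String username, Instant now) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pendingByHash.put(hash(token), new Pending(username, now.plus(LIFETIME)));
        return token;
    }

    // Consumes the token: returns the username once, or null if unknown, reused or expired.
    public String redeem(String token, Instant now) {
        Pending p = pendingByHash.remove(hash(token)); // remove() makes the token single-use
        return (p != null && now.isBefore(p.expiresAt())) ? p.username() : null;
    }
    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every JVM
        }
    }
    public static void main(String[] args) {
        PasswordResetTokens tokens = new PasswordResetTokens();
        Instant now = Instant.now();
        String t = tokens.issue("alice", now); // constructed sample user
        System.out.println("https://app.example/reset?token=" + t); // placeholder URL
        System.out.println(tokens.redeem(t, now.plusSeconds(60)));  // first use
        System.out.println(tokens.redeem(t, now.plusSeconds(120))); // replay of the same token
    }
}
```

`redeem` yields the username exactly once; the application then lets that user choose a new password, so the old one never has to be recovered.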
