Password encryption

[poring]

I would like to store my users's passwords in the database in an encrypted format. Could anywone please point me to a good encryption method that could possibly be used in php?
Note that I can't use md5, since I have to ba able to decypt the password back in case the user forgets his/her password.

Thanks

[EagleSpy]

I would say that when most people talk about encrypting passwords for websites, etc. they are referring to hashing rather than key cryptography. A solution for your problem would be to simply assign them a temporary password and then have them change their password back to a permanent one (like they do for many sites). I assume you want encryption for security, but if you use key cryptography, where will you store the key? probably on the server - right with the ciphertext. So key maintnence would be another issue if not using a hash. Hope that makes sense.


-Will

[jason]

The way I do things is I use one-way encryption, such as with php's crypt() function or MySQL's password() function. If a user forgets a password, I just assign them a new one. I have a list of random words (things like colors, fruits, states, etc) and a routine that selects two diffeent random words from the list and places a random number between them (ie pineapple26vermont). When a user forgets his/her password, they can enter their email address and the server sends them a message with a new one in it. The next time they log in, they are asked to change the password again to something they'll remember.

--Jason

[poring]

Ugh, I can't believe I didn't think of this. Thanks guys!