-
Webmaster posted an update Thursday, Jul 7, 2011, 11:21am EDT, 14 years, 3 months ago
Someone asked a good question that I feel I should address. The question was, "Now that I've registered, does that mean that you (i.e. the webmaster) know what my password is?" The answer is a big NO. Your password is encrypted before it is stored in the database and it just looks like a very long string of gobbledygook. I have no way of logging into this site or any other site with this encrypted value and I can't reverse engineer it to determine what your password was. For those who want the technical explanation (and since I've been dying to use the "shush" tag... Continued...
continued...
When you submit your new password via the registration page, something called a "salt" is used to encrypt it. The "salt" is the first 2 characters of your password, so the system doesn't even know what the salt is. This encrypted value is stored in the database. When you log in, the password you enter is encrypted using the same "salt" and then it is compared to the value stored in the database. If the two values match, then you're in. If they don't match, then your login fails. As you can see, there's no way to get these two values to match unless you know the password, and there is no way to determine the password or unencrypt it since the system doesn't know the salt, which again was the first two characters of your password. This is why you can't send me an email and ask me to tell you what your password is if you've forgotten it. If you forget your password you have to go through the automated process that sends you a new password. It is a good practice to then go to your Profile tab and change your password to something you'll remember. From a technical viewpoint it's very cool, and now you know way more than you wanted to know about passwords :-)