The normal flow for resetting a user's password by mail is this:
- Generate a random string and store it in a database table
- Email string to user
- User clicks on link containing string
- String is validated against database; if it matches, user's pw is reset
However, maintaining a table and expiring old strings etc seems like a bit of an unnecessary hassle. Are there any obvious flaws in this alternative approach?
- Generate a MD5 hash of the user's existing password
- Email hash string to user
- User clicks on link containing string
- String is validated by hashing existing pw again; if it matches, user's pw is reset
Note that the user's password is already stored in a hashed and salted form, and I'm just hashing it once more to get a unique but repeatable string.
And yes, there is one obvious "flaw": the reset link thus generated will not expire until the user changes their password (clicks the link). I don't really see why this would be a problem though -- if the mailbox is compromised, the user is screwed anyway.