Good idea to send encrypted password with activation link

Is this good idea to send activation link with encrypted password

Felix Samy wrote:

Is this good idea to send activation link with encrypted password

Why would you want to send the encrypted password anywhere?

then encrypted password?
For what??

I recently started with Authlogic and it specifically uses a specifically generated temporary token for such so that it is not necessary to send an encrypted password or anything else. I think in general security wise if you are using encryption that you dont want a lot of your encrypted data floating around as given a large enough sample available publicaly theoretically it could be possible to determine your encryption keys.

David

PS, this is the authlogic explanation. Their point is that the token expires, as unless you put in other safeguards if the encrypted password might be able to be used again, for security purposes it really should be reset. I think my prev explanation is probably highly unlikely.

http://rdoc.info/github/binarylogic/authlogic/master/Authlogic/ActsAsAuthentic/PerishableToken