Generating An Md5 Hash Generator, Php Md5() Function

I"m starting to develop the user"s registration on my project. The users would confirm their registering by a link sent by email.

I thought I could use the email inserted on the form, plus a random salt, và hash this concatened string, so that becomes each string token unique. The liên kết would be something lượt thích this:

http://www.example.com/register/7ddf32e17a6ac5ce04a8ecbf782ca509I think it"s good and easy khổng lồ build, but I"m not sure if it"s secure enough.

Bạn đang xem: Generating an md5 hash generator, php md5() function

I"m developing this project using CakePHP 2.7 & SQL server 2014.


*

Trending sort Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to lớn sorting by highest score if no posts are trending.

Switch to Trending sort
Highest score (default) Trending (recent votes count more) Date modified (newest first) Date created (oldest first)
It really depends on how you generate the MD5. Just ensure your data is random. I don"t use MD5 for generating these types of hashes, and instead will bởi something like:

$email_token = openssl_random_pseudo_bytes(16);$token = bin2hex($email_token);Personally, I would opt for something lượt thích this using random_bytes if using PHP7.

$email_token = bin2hex(random_bytes($length));For PHP5 there"s a polyfill available: https://github.com/paragonie/random_compat


*

You should think about what a potential attacker could bởi if he is able khổng lồ generate tokens that bởi vì not belong to lớn him and then decide if the MD5 hash is good enough.

Xem thêm: Chậm Kinh Bao Nhiêu Lâu Thì Có Thai, Cách Kiểm Tra Chính Xác Nhất

If I got it correctly you just want to lớn verify a users e-mail and only create an tài khoản if the user really owns the email address. Would it be bad for you or the owner of the address if an attacker creates 1000 accounts with faked emails?

As always, security depends on the situation, IMO.

If you want lớn play it safe, don"t let your token depend on user data. Generate a completely random token & save it beside the pending registration in your database.


*

Use a completely random value for the user which you generate at the time of registration, run it through "sha1" or "sha2", store it in the db, and use that in the email. Then you just check if that value is in the database. If you wanted to additionally associate the hash with another data point (such as their email) all the better.


*

Thanks for contributing an answer to Stack Overflow!

Please be sure to lớn answer the question. Provide details & share your research!

But avoid

Asking for help, clarification, or responding khổng lồ other answers.Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.


Post Your Answer Discard

By clicking “Post Your Answer”, you agree khổng lồ our terms of service, privacy policy and cookie policy


Not the answer you're looking for? Browse other questions tagged php security cakephp email-confirmation or ask your own question.


Authenticating requests from sản phẩm điện thoại (iPhone) app to ASP.Net website API (Feedback requested on my design)
*

Site thiết kế / biệu tượng công ty © 2022 Stack Exchange Inc; user contributions licensed under CC BY-SA. Rev2022.8.23.42893


Your privacy

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.