Using RAND with MD5 to generate a unique key in a unique MYSQL field. Possible? Good practice?

Question

Using RAND with MD5 to generate a unique key in a unique MYSQL field. Possible? Good practice?

I am trying to implement a simple reset password system for my site. The idea is this:

User requests reset password.
The CodeIgniter system uses RAND and MD5 (I know that it is unsafe and corrupted, it is probably better to use SHA1 or better than a dot) via MYSQL to generate a random string and hash code, producing a 32-bit key.
The user sends a link consisting of a key.
The rest is pretty obvious.

I want to know if -

A: MYSQL RAND functions with MD5 (or better) generated in the field specified as UNIQUE will be automatically restored if they generate a key that already exists in the table in this field.

B: This is an acceptable method for creating reset passwords. Or is a salt hash email address better to prevent duplicates?

Obviously, these are just the basic implementation and security requirements wrapped around the whole process.

+4

php mysql random unique md5

twistedpixel Apr 13 '13 at 10:02

source share

1 answer

symcbean · Accepted Answer · 2013-04-13T22:09:06+0000

There is not much point in using a more complex hash against simple, predictable values. Using email as a salt helps - but not so much. If you only need a random value, then why not use a random value - dressing it up with pseudo-cryptography does not help security (this actually undermines it here). Just generate a random number (in fact, you probably want to generate several random numbers, convert to a more compact base and combine) and save it together with the registration information (you need to save the original password and cancel the unlock if the user logs in anyway )

Using RAND with MD5 to generate a unique key in a unique MYSQL field. Possible? Good practice?

More articles: