[RESOLVED] Generate activation key for verification of email

halojoy

Is this an acceptable way to generate the key?
Or is there a good simple alternative?

function gen_activation_key($email){   

    $generatedKey = sha1(mt_rand(10000,99999).time().$email);
    return $generatedKey;
}

function verificationMAIL($gKEY,$email){
    $to=$email;
    $from='do-not-reply@example.com';
    $subject='Verify your Email Address - EXAMPLE.COM';
    $headers .= 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $mailMsg='<h2>Verify Your Email Address</h1><br />
                <a href="http://example.com/activation.php?email='.$email.'&key='.$gKEY.'">Click Here to Verify.</a>';
    mail($to,$subject,$mailMsg,$headers);
}

dalecosp

You might look at [man]uniqid/man ... 🙂

halojoy

Thank you, but it does not seem so good:

This function does not create random nor unpredictable string. This function must not be used for security purposes. Use cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure ID.

I ended up with activationkey:

$act_key  = sha1($username.time());

Because before that line I have already tested that username is unique.
What do you think? Will it do?

laserlight

Look at things in perspective: this verification email is to verify that the user's email address is valid because the user received the verification email and the activation key sent with the email matches the one generated and stored on the server.

Therefore, what you are trying to do is to prevent say, a spammer from registering many users with fake email addresses, and then spoofing the activation key in order to activate the accounts.

So, we assume that the attacker knows the algorithm, i.e., if you write this:

$act_key  = sha1($username.time());

the attacker knows it. Furthermore, the attacker presumably knows the user's username. Therefore, your solution is as good (or as bad) as uniqid, which "gets a prefixed unique identifier based on the current time in microseconds" (and in fact you could have used the username for the prefix).

You can easily fix this by mixing in a secret key before computing the cryptographic hash. This could replace the username, since the username adds nothing that the attacker does not know. For example:

$act_key = sha1(uniqid($secret_key, true));

The secret key itself would presumably be defined in a configuration file separate from your code, e.g., in a file outside of your document root/public html directory.

halojoy

thanks laserlight
I have to see if I should change it.
Probably I will not. Because I think the risc is so small anyone will attack.
And if somebody does there is not much money to gain .... not much for me to lose.

Weedpacket

halojoy wrote:
Thank you, but it does not seem so good:

Also on the [man]uniqid[/man] page is a reference to [man]openssl_random_pseudo_bytes[/man]. Which in turn mentions [man]crypt[/man]. Which, as noted on that page, has also been wrapped in [man]password_hash[/man]. Of course, all that's needed here (in fact, everything that should be wanted here) is a good source of randomness, so there may not be such a need to follow so many links; just pull some entropy, base64-encode it (with suitable modifications to make the result URL-safe), and use that.