Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Encryption Library
Encryption Library
  • El Forum
    Unregistered
  •  
#12
06-14-2012, 03:01 PM

[eluser]Abel A.[/eluser]
Yes it's total possible, there's algorithms out there that can output an exact key length of a value even if the inputs are different sizes. That would allow you to use base64 and predict the padding.

My concern is that your activation email can be easily broken. A hacker would have all the site in the world because encryptions can be reversed. Once the hacker figures out your key, then he can activate an email he wants in your system. I also hope you don't use this method for password recovery.

Here's my advice for you:
Use a database
Use a completely random key (ie: not based on time)
Use a long enough key > 30 characters
Make your key expire so it can't be brute forced

I have a system similar to the above and I actually use it for email activations, password recovery, other other functions. It really does come in handy and it's relatively easy to implement!


Messages In This Thread
Encryption Library - by El Forum - 06-13-2012, 07:31 AM
Encryption Library - by El Forum - 06-13-2012, 08:25 AM
Encryption Library - by El Forum - 06-13-2012, 08:29 AM
Encryption Library - by El Forum - 06-13-2012, 09:07 AM
Encryption Library - by El Forum - 06-13-2012, 10:05 AM
Encryption Library - by El Forum - 06-13-2012, 11:17 AM
Encryption Library - by El Forum - 06-13-2012, 04:25 PM
Encryption Library - by El Forum - 06-13-2012, 04:29 PM
Encryption Library - by El Forum - 06-13-2012, 11:19 PM
Encryption Library - by El Forum - 06-14-2012, 12:04 PM
Encryption Library - by El Forum - 06-14-2012, 01:17 PM
Encryption Library - by El Forum - 06-14-2012, 03:01 PM
Encryption Library - by El Forum - 06-14-2012, 03:20 PM
Encryption Library - by El Forum - 06-14-2012, 03:24 PM



Theme © iAndrew 2016 - Forum software by © MyBB