简体繁体 English

在恢复密码电子邮件中使用md5密码作为令牌有多不安全？

[英]how unsafe is to user the md5 password as token in the recover password email?

原文 2012-02-26 16:44:44 4 5 php/ mysql/ md5

i was thinking sending an email with the md5 password as token and check if the email+password are correct before showing the recover password form 我正在考虑发送带有md5密码作为令牌的电子邮件，并在显示“恢复密码”表单之前检查电子邮件+密码是否正确

1) user enters mail 1）用户输入邮件

2) if mail exists, send an email to with it with password as token 2）如果存在邮件，请发送一封带有密码作为令牌的电子邮件至

3) when user click to link: check if mail and md5 password are correct, if so: 3）用户单击链接时：检查邮件和md5密码是否正确，如果正确：

4) show password generator form 4）显示密码生成器表格

-EDIT- -编辑-

So how could be safer without adding any column to the user table? 那么，如何在不向用户表添加任何列的情况下更安全呢？

5 个解决方案

It's at least theoretically unsafe. 从理论上讲，这至少是不安全的。 See eg md5 decoding. 参见例如md5解码。 How they do it? 他们是如何做到的？ and MD5 security is fine? 和MD5安全性还好吗？

But why do that in the first place? 但是，为什么要首先这样做呢？ The following would be much more secure, and only marginally more difficult to implement: 以下内容将更加安全，并且实施起来会稍微困难一些：

Generate a random key, eg 123456789abc 生成一个随机密钥，例如123456789abc
Store it in the user record 将其存储在用户记录中
Add the key to the URL lookup.php?key=123456789abc 将密钥添加到URL lookup.php?key=123456789abc
When the user clicks the URL, look up the key to find the correct E-Mail address. 当用户单击URL时，查找键以找到正确的电子邮件地址。
Once the operation has completed, delete the key. 操作完成后，删除密钥。

Give the key a lifetime of, say, 24 hours so illegitimate requests fade away. 密钥的寿命为24小时，这样非法请求就会消失。

I am rather sure, this is not a good idea: If this mail falls into wrong hands, it gives an attacker an offline vector against an MD5 - which means it gives him the password, if he is faster than the real user. 我相当确定，这不是一个好主意：如果这封邮件落入错误的手中，它将为攻击者提供针对MD5的离线引导程序-这意味着，如果他比真实用户要快，它将为他提供密码。

Use salting and a more calculation intensive process. 使用加盐和更多计算密集型过程。

If I understand correctly, and the MD5 hash of the password is only sent to that email address, then I think it's not that dangerous... It could be only if the email account has been compromised. 如果我理解正确，并且密码的MD5哈希仅发送到该电子邮件地址，那么我认为那不是那么危险...可能只有在电子邮件帐户已被盗用的情况下。

It's not the best practice, but I think the "email compromised" scenario is not of interest, since almost every method is "vulnerable" to that. 这不是最佳实践，但是我认为“电子邮件遭到破坏”的情况并不重要，因为几乎每种方法都对此“脆弱”。

you can use a random string instead of the md5'ed password. 您可以使用随机字符串代替md5密码。 You only need to verify, that the person, who asks you to reset the password, also is the owner of the email address. 您只需要验证要求您重设密码的人还是电子邮件地址的所有者。

When you send out something that is related to the password (like a hash), than you give out a hint, that you don't need to give out. 当您发送与密码相关的信息（例如哈希）时，您无需提供提示即可提示您。 There are tables out there to do the reverse of a md5'hash and that can be used to guess the password. 那里有一些表可以做md5'hash的反向操作，并且可以用来猜测密码。

Think of the random string as a session id . 将随机字符串视为会话ID 。

Maybe it would be better at least use the MD5 of something else since if the password is weak an attacker could use a dictionary to discover the password. 也许最好至少使用其他方式的MD5，因为如果密码很弱，攻击者可以使用字典来发现密码。

As others suggest it would be better to avoid this, and ideally generate a random token, store it somewhere, and send/verify it. 正如其他人建议的那样，最好避免这种情况，最好是生成一个随机令牌，将其存储在某个地方，然后发送/验证它。