2

I want to know what are the points to be kept in mind while creating a hash token for my password reset links.

In particular, how to make it un-predictable for an attacker?

M'vy
  • 13,033
  • 3
  • 47
  • 69
Rakesh Singh
  • 27
  • 3

2 Answers2

1

Most random number generators just generate pseudorandom numbers. They create a series of numbers which appears random at first glance, but the numbers do follow an exact algorithm. To prevent them from generating the same series of numbers everytime they are used, they are initialized by seeding them with a start value. A good pseudorandom number generator should output a different series of numbers for every possible seed value.

In practice, a pseudorandom number generator is often initialized with the current time. Because the time will be different everytime a program is run, it will never generate the same stream of numbers. Unfortunately this is insufficient for any security purpose, because the time of initialization is very predictable. For that reason you need to combine values from other entropy sources which are hard or impossible to predict for an outside attacker.

Which entropy sources are feasible depends on your environment.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • What (if anything) is wrong with using a strong hash of current time concatenated with a secret plus something unique to the user, rather than a random number? – Alfred Armstrong Feb 05 '15 at 16:03
  • The fact that an attacker could theoretically (for *very large quantities of theoretically*, but still) guess the way the hash is computed, request a password reset for an user and change her password without receiving the hash. Since you have to store the hash anyway, why not make it unpredictable and unrelated to everything else? I'd say even a weak but long pseudorandom number is better than something with a crackable, guessable structure. – matega Feb 05 '15 at 22:49
0

Use a cryptographically secure random number generator to generate a random sequence. There are many available, built into different platforms. Many frameworks and languages provide wrappers to access these such as the openssl_random_pseudo_bytes function in PHP.

You could generate your own. The article above suggests:

A cryptographically secure hash of a counter might also act as a good CSPRNG in some cases. In this case, it is also necessary that the initial value of this counter is random and secret. However, there has been little study of these algorithms for use in this manner, and at least some authors warn against this use.

However, you should seed it with something unpredictable. That is, set the counter to be hashed as an unpredictable generated number and simply increment it each time. You would need adequate entropy for both your counter value and your output hash (128 bit).

Since you need an unpredictable source for this anyway, and there is some warning against this use I would go with the first option of simply generating a cryptographically secure sequence using built in language functions.

Community
  • 1
SilverlightFox
  • 33,408
  • 6
  • 67
  • 178