I was emailed a reset key. It was 40 hex letters, so 20 bytes which is 160 bits. I thought to myself, why 160 bits? Maybe it's a 128 (key) + 32 bit (checksum or id or something). Maybe something else. I am sure it was done for a reason but why? (PS: The person on the other end seems to not want to say why or maybe doesn't know. So asking elsewhere hasn't worked. I felt silly.)
I am sure the script is written in PHP, as the rest of the site is.
Ha, OK, so it might be a SHA-1. But what would be hashed? I reset my password twice this evening; I am not sure how long apart, but they were the same keys. I'll try tomorrow. Maybe it's a datestamp + user ID, I wonder...
It could be a SHA-1 hash, which has 160 bits.
160 bits is the size of a SHA-1 hash.
RFC 3174 http://www.faqs.org/rfcs/rfc3174.html
(aka SHA-1)
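
Length alone does not separate a SHA-1 digest from 20 random bytes; the repeated key described in the question is what points to a deterministic derivation. The following is an added example, not code from the site in question or from any poster: it assumes a hypothetical SHA-1 over a date stamp and user ID (a guess taken from the question) and sets it beside a random, expiring, single-use key. All function names and sample values are constructed.

```php
<?php
// Assumed scheme, for illustration only: SHA-1 over a date stamp and the
// user ID. The same user on the same day always gets the same 40-hex key,
// and the key depends only on values that are not secret.
function weakResetKey(int $userId, string $day): string
{
    return sha1($day . ':' . $userId);
}

// 20 bytes from the OS CSPRNG, also 40 hex characters. Only a SHA-256
// digest is stored, with an expiry; a new request replaces the old entry.
function issueResetKey(array &$store, int $userId, int $now, int $ttl = 3600): string
{
    $key = bin2hex(random_bytes(20));
    $store[$userId] = ['digest' => hash('sha256', $key), 'expires' => $now + $ttl];
    return $key;
}

// Expiry check, constant-time comparison, and removal after one use.
function redeemResetKey(array &$store, int $userId, string $key, int $now): bool
{
    $row = $store[$userId] ?? null;
    if ($row === null || $now > $row['expires']) {
        unset($store[$userId]);
        return false;
    }
    if (!hash_equals($row['digest'], hash('sha256', $key))) {
        return false;
    }
    unset($store[$userId]);
    return true;
}

// Constructed sample values.
$a = weakResetKey(42, '2010-05-01');
$b = weakResetKey(42, '2010-05-01');
var_dump(strlen($a), $a === $b);      // length, and whether two requests match

$store = [];
$now = 1272672000;                    // constructed timestamp
$k1 = issueResetKey($store, 42, $now);
$k2 = issueResetKey($store, 42, $now + 60);
var_dump(strlen($k2), $k1 === $k2);   // same length, compared across requests
var_dump(redeemResetKey($store, 42, $k1, $now + 120)); // superseded key
var_dump(redeemResetKey($store, 42, $k2, $now + 120)); // current key
var_dump(redeemResetKey($store, 42, $k2, $now + 180)); // key already used
```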