Sensis [Crawler]
New Member
When users register an account they get an email with a verification code that they can click to verify their accounts. This is how I generate the verification code.\[code\]md5(rand(0,1000)\[/code\]Is using the method below a bad choice? It generates a random number between 0-1000. Since there are only 1000 options, and their MD5 hashes are known, it should take an attacker just a 1000 trials to verify the account without it really belonging to them