[thelist] Md5 hashing

Guy Bowden guy at holler.co.uk
Mon Nov 24 14:04:34 CST 2003


I'm creating a voucher system whereby a user completes a task and is
rewarded (in this case the reward is a £200 voucher off their next

The user will receive this voucher by email. They then have to purchase the
product and then go to a web form and enter their product code (unique to
each purchase) along with their voucher code.  If the voucher code matches
up to the voucher this user received in their email - they get the money.

What I'm thinking is that if I send the user an MD5 hash of their email
address for example - is that sufficient security wise (obviously the client
doesn't want anyone to cheat).

Is it the case that unless the user knows what I've hashed and how I've
hashed it I'm secure? (dissregarding any server security issues).

i.e. I could create a random number for each user, and hash that - store the
hash string in a database along with their details so that when then come to
the form to get their money back I can check the hash along with the same

Any thoughts appreciated.



More information about the thelist mailing list