Anonymous?
Was your source Anonymous or anonymous?
Basic design flaws on a Labour party members forum exposed the email addresses of users to harvesting. Surfers who register through the site http://members.labour.org.uk were invited to confirm their membership, and activate their account, by clicking on the link in an email sent to a specified account. The email follows the …
The trouble is that with hashed timestamp + random salt you can't cope with an infinite number of registrations without also having an infinite number of collisions - it's like planning for not_success.
To code for success you need to remove identifiers from a set (not necessarily an infinite set though).
Just because it's random doesn't mean it won't collide, it just means you'll have trouble detecting if the cause was a stray alpha particle or bad-luck.
When I started bigwig.net as a telinco visp, their signup system regularly assigned my users the same account-id; and I don't feel comfortable merely drawing from a bigger pool of random numbers without checking.
The technique would be to use a robust pseudo-random algorithm, there are plenty about in the crypto world, then size the wrap to be some large number, e.g. world population is 7 billion, assume everyone registers 14 times (just picked a number to round up to 100), size for 100 billion before collisions. That's 38 bits salt and counter, or the equivalent of a 38 bit hash, which could be made larger or padded out.
Not guaranteed to avoid collisions, 100 billion + 1 registrations could land but nothing in life (except currently death) is an absolute.
Something as simple as a guid would suffice instead of the integer. (Not that I particularly like guids mind.) But using a linear stepping integer isn't really the problem. The email shouldn't be shown on the confirmation screen, nor should you be able to confirm the email more than once!
The whole point of a confirmation email is to prove you have control or access to the registered email address. If the identifier was just the email, someone could register other people's email addresses by faking the confirmation since they would be able to construct the confirmation url from known information.
To follow what I just posted, here is a website that does just that...
http://www.nationalpetregister.org
A website that uses confirmation links of the form:
http://www.nationalpetregister.org/activate.php?e=example@example.com
The website also has a registration form where the password input has a type set to 'text' instead of 'password'...
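Added example, not part of any comment above and not code from either site: a minimal confirmation flow that covers the three points raised in the thread, namely an unguessable identifier instead of a stepping integer or the address itself, single-use confirmation, and no email address returned to the confirmation page. The class name, the in-memory store and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed validity window, in seconds


class ConfirmationStore:
    """In-memory stand-in for the accounts table (hypothetical schema)."""

    def __init__(self):
        self._pending = {}      # sha256(token) -> (email, expiry)
        self.confirmed = set()

    def issue(self, email, now=None):
        """Return the token to embed in the confirmation link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (email, now + TOKEN_TTL)
        return token

    def confirm(self, token, now=None):
        """Return True once per valid token; never echo the address back."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        record = self._pending.pop(digest, None)   # pop makes it single-use
        if record is None:
            return False    # unknown, guessed or already-used token
        email, expiry = record
        if now > expiry:
            return False
        self.confirmed.add(email)
        return True


def demo():
    store = ConfirmationStore()
    token = store.issue("alice@example.com")      # constructed sample address
    first = store.confirm(token)
    replay = store.confirm(token)
    guessed = store.confirm("12345")              # sequential-id style guess
    expired_token = store.issue("bob@example.com", now=0)
    expired = store.confirm(expired_token, now=TOKEN_TTL + 1)
    return first, replay, guessed, expired, sorted(store.confirmed)


if __name__ == "__main__":
    print(demo())
```

Only the SHA-256 of the token is stored, so a leaked table does not yield usable confirmation links.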
Labour have no clue about IT. Just look at all the failed or horribly overbudget IT initiatives that they have implemented. Also, they have a penchant for gathering your data (database upon database of your data, including ID cards). Who would even have thought that they could get a simple email system right?
I can see they are serious about spending cuts: much cheaper to implement poor security than pay a public servant a 6-digit salary to copy the data on an overpriced USB drive and leave it in a public place.
Mind you, that's government related, so they could have paid a premium to have their security level decreased.