16Eyl
Determining Entropy in PHP
I am using the following code in my code to send a password reset token to a user.
$token = md5($user_id . time());
Why this is considered as a bad approach being cited as it has a weak entropy. The above code would generated a scary looking 128-bit token that you an attacker cannot decipher at all.
My question is why this is a wrong approach? How do I say it has a weak entropy? Is there a way I can calculate its entropy?
