Re: a challenge

To: debian users <debian-user@lists.debian.org>
Subject: Re: a challenge
From: Richard Hector <rhector@actrix.gen.nz>
Date: Fri, 19 Oct 2001 06:03:21 +1300
Message-id: <[🔎] 3BCF0B59.3D5F209D@actrix.gen.nz>
References: <[🔎] 20011018135810.A24698@fishbowl.madduck.net>

martin f krafft wrote:
> 
> goal: a 4-16 byte 7-bit character value that somehow encodes the time
>   of creation such that it can be extracted if the encoding scheme/seed
>   is known. the encoded value should be such that it is mostly
>   impossible to change it so as to yield a later time of creation to be
>   encoded. in general, changing the encoded value may well render the
>   data invalid.
> 
>   this is supposed to be a token that's valid for a limited amount of
>   time, after which, a new token has to be fetched. this token should
>   not be obvious (e.g. the timestamp) to prevent people from changing
>   it to be valid longer rather than fetching a new one.

I'm assuming the token is generated by a server and requested by a
client (or that that generalisation is adequate).

>From what you've said, it would appear to be handy for the client to
know when to go get a new token, and not bad that they can read it - you
just don't want the client generating tokens. Have I got that right? If
so, then I would have thought that a public/private key algorithm would
be appropriate. The server generates the token using the private key,
and either the client or the server can check it using the public key.

I haven't investigated the technicalities, though - like whether it's
fast enough, or whether you can get a secure enough token small enough.

HTH,

Richard

Reply to:

References:
- a challenge
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: how to downgrade a package and set it to hold in dselect ?
Next by Date: Re: customizing Emacs
Previous by thread: Re: a challenge
Next by thread: RE: a challenge
Index(es):
- Date
- Thread