
Re: a challenge



As I was mulling this over today (wandering aimlessly through the NC state
fair), I realized that I had done something vaguely similar with a totally
different strategy. Essentially, I heavily restricted write permissions to
the directory where the tokens were to be *stored*, and had access to them
(read and write) managed by a daemon, listening on an internet and/or unix
domain socket.  Therefore, the tokens themselves could be simple
timestamps, and security was handled by the regular unix file permissions
scheme.  Clients requesting a token connected to the socket and were
returned a token; users couldn't manipulate the tokens because they
couldn't touch the files.

ap

----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin@unc.edu - http://www.unc.edu/~aperrin
 Assistant Professor of Sociology, U of North Carolina, Chapel Hill
      269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA


On Thu, 18 Oct 2001, martin f krafft wrote:

> * David J. Roundy <droundy@civet.berkeley.edu> [2001.10.18 10:52:52-0700]:
> > If the attacker knows the algorithm (although not the prime number) this is
> > unfortunately trivial to crack: they just have to guess the time that is
> > encoded by the timestamp.  :(
> 
> look at my code. it should be obvious that i am not looking for
> something incredibly secure. so while i appreciate all your work, i
> think i can quite well settle with what i've got now...
> 
> thanks though...
> 
> -- 
> martin;              (greetings from the heart of the sun.)
>   \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
>   
> "time flies like an arrow. fruit flies like a banana."
>                                                        -- groucho marx
> 
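
The design described in the message above, sketched as an added example (not code from the original post or from either author): a daemon-owned directory of timestamp tokens, with validity decided by whether the file exists rather than by the token's value. The names TokenStore, handle and ask, and the ISSUE/CHECK wire format, are assumptions made for illustration.

```python
import os, socket, stat, time

class TokenStore:
    """Tokens are plain timestamps; trust comes from who may write the directory."""
    def __init__(self, path):
        self.path = path
        os.makedirs(path, mode=0o700, exist_ok=True)
        os.chmod(path, 0o700)  # enforce even if umask or an earlier run differed
        st = os.stat(path)
        if st.st_uid != os.geteuid() or stat.S_IMODE(st.st_mode) != 0o700:
            raise PermissionError("token directory must be daemon-owned, mode 0700")

    def issue(self):
        while True:
            token = str(time.time_ns())
            try:
                # O_EXCL: never reuse or overwrite an existing token file
                fd = os.open(os.path.join(self.path, token),
                             os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
            except FileExistsError:
                continue
            os.close(fd)
            return token

    def check(self, token):
        # Digits only, so a client cannot smuggle "../" into the lookup path.
        if not (token.isascii() and token.isdigit()):
            return False
        return os.path.isfile(os.path.join(self.path, token))

def handle(conn, store):
    """Serve one request (hypothetical wire format): b'ISSUE' or b'CHECK <token>'."""
    parts = conn.recv(256).decode("ascii", "replace").split()
    if parts == ["ISSUE"]:
        reply = store.issue()
    elif len(parts) == 2 and parts[0] == "CHECK":
        reply = "OK" if store.check(parts[1]) else "NO"
    else:
        reply = "ERR"
    conn.sendall(reply.encode("ascii"))

def ask(store, request):
    """Constructed client/daemon round trip over a socketpair, so it runs offline."""
    client, daemon = socket.socketpair()
    with client, daemon:
        client.sendall(request)
        handle(daemon, store)
        return client.recv(256).decode("ascii")
```

A guessed timestamp is rejected here because no matching file exists in the store, which is the property the message relies on instead of an unguessable token value.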


