On Thu, Oct 18, 2001 at 01:58:10PM +0200, martin f krafft wrote: > goal: a 4-16 byte 7-bit character value that somehow encodes the time > of creation such that it can be extracted if the encoding scheme/seed > is known. the encoded value should be such that it is mostly > impossible to change it so as to yield a later time of creation to be > encoded. in general, changing the encoded value may well render the > data invalid. > > this is supposed to be a token that's valid for a limited amount of > time, after which, a new token has to be fetched. this token should > not be obvious (e.g. the timestamp) to prevent people from changing > it to be valid longer rather than fetching a new one. > > can you do it? or is there a tool out there?
use perl, Digest::HMAC_MD5 to encode the token, and MIME::Base64 to make the result HTTP palatable. I used this to write a cookie-based web authentication scheme which timed out after some period of inactivity. I'll look around for the code as it sounds like you're doing something similar. libdigest-hmac-perl contains Digest::HMAC_MD5 libmime-base64-perl contains MIME::Base64 Regards, -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:[EMAIL PROTECTED] | -- Patton
pgpl7tC7J1Tel.pgp
Description: PGP signature
