As I was mulling this over today (wandering aimlessly through the NC state
fair), I realized that I had done something vaguely similar with a totally
different strategy. Essentially, I heavily restricted write permissions to
the directory where the tokens were to be *stored*, and had access to them
* David J. Roundy <[EMAIL PROTECTED]> [2001.10.18 10:52:52-0700]:
> If the attacker knows the algorithm (although not the prime number) this is
> unfortunately trivial to crack: they just have to guess the time that is
> encoded by the timestamp. :(
look at my code. it should be obvious that i am
On Thursday, October 18, 2001 10:52 AM, [EMAIL PROTECTED]
> If the attacker knows the algorithm (although not the prime number) this is
> unfortunately trivial to crack: they just have to guess the time that is
> encoded by the timestamp. :(
You're right. I solved it as if the timestamp was
un
On Thu, Oct 18, 2001 at 09:11:05AM -0700, Greg Wiley wrote:
> This is just a general idea:
>
> I'm assuming a 32-bit timestamp.
>
> You want to encode that value somewhat securely
> with an invertible hash into 16 * 7 = 112 bits
> (less if you can't use control chars). It has to be
> somewhat re
On Thu, Oct 18, 2001 at 10:59:25AM -0500, Nathan E Norman wrote:
> On Thu, Oct 18, 2001 at 01:58:10PM +0200, martin f krafft wrote:
> > goal: a 4-16 byte 7-bit character value that somehow encodes the time
> > of creation such that it can be extracted if the encoding scheme/seed
> > is known. t
martin f krafft wrote:
>
> goal: a 4-16 byte 7-bit character value that somehow encodes the time
> of creation such that it can be extracted if the encoding scheme/seed
> is known. the encoded value should be such that it is mostly
> impossible to change it so as to yield a later time of cre
> You're right - since you can't decrypt, you can't check expiration
> (easily). Although you could potentially run a loop to check against a
> range of values; depending on how precise you need it to be.
> For example, if tokens can expire on a 15-minute granularity then it's not
> too much of a
On Thursday, October 18, 2001 4:58 AM, [EMAIL PROTECTED] wrote:
> goal: a 4-16 byte 7-bit character value that somehow encodes the time
> of creation such that it can be extracted if the encoding scheme/seed
> is known. the encoded value should be such that it is mostly
> impossible to change i
On Thu, Oct 18, 2001 at 01:58:10PM +0200, martin f krafft wrote:
> goal: a 4-16 byte 7-bit character value that somehow encodes the time
> of creation such that it can be extracted if the encoding scheme/seed
> is known. the encoded value should be such that it is mostly
> impossible to chang
how about this:
function get_token() {
local now=`date +\%s`
local ts=`echo -e "obase=16\n${now}" | bc | tr [A-Z] [a-z]`
local md5short=`echo $ts | md5sum | cut -c9-16`;
echo $ts$md5short
}
function check_token() {
local ts=`echo $1 | cut -c1-8`
local crc=`echo $1 | cut -c9-16`
loca
You're right - since you can't decrypt, you can't check expiration
(easily). Although you could potentially run a loop to check against a
range of values; depending on how precise you need it to be. For example,
if tokens can expire on a 15-minute granularity then it's not too much of
a problem to
* Andrew Perrin <[EMAIL PROTECTED]> [2001.10.18 10:44:40-0400]:
> Just an idea...
in fact, hold on... crypt is a hashing function, you can't decrypt it.
but how then would i go about to check if a token had expired?
assuming i get something like "mdIdT8MGyu.z2" there is no way to
figure out if th
* Andrew Perrin <[EMAIL PROTECTED]> [2001.10.18 10:44:40-0400]:
> Just an idea...
nice. *but*: all the strings are prefixed with 'md' which is the salt,
just like: mdOnsGTiuYHX.
doesn't this enable everyone to decrypt it?
how do *i* decrypt it?
furthermore, how can i convert these strings such tha
What about using crypt() and the timestamp? Something like:
#!/usr/local/bin/perl -w
use strict;
my $time = time;
my $salt = 'md'; #mad duck
$time = join('',reverse(split('',$time))); #reverse time because crypt() only
# deals w/ first 8 chars
print "
* martin f krafft <[EMAIL PROTECTED]> [2001.10.18 15:22:19+0200]:
> * dman <[EMAIL PROTECTED]> [2001.10.18 08:56:19-0400]:
> > I honestly don't know, but maybe Kerberos is what you are looking for?
> > (I know nothing except little bits I've caught in passing about
> > kerberos)
>
> no, i need to
* dman <[EMAIL PROTECTED]> [2001.10.18 08:56:19-0400]:
> I honestly don't know, but maybe Kerberos is what you are looking for?
> (I know nothing except little bits I've caught in passing about
> kerberos)
no, i need to be able to do this on the shell and PHP...
--
martin; (greeting
On Thu, Oct 18, 2001 at 01:58:10PM +0200, martin f krafft wrote:
| goal: a 4-16 byte 7-bit character value that somehow encodes the time
| of creation such that it can be extracted if the encoding scheme/seed
| is known. the encoded value should be such that it is mostly
| impossible to chang
On Sun, 30 Sep 2001, Indraneel Majumdar wrote:
> Isn't there a label.sty in LaTeX ? I've used it for printing labels for
> posters a long time back using perl to generate the numbers. Have to
> look for the source though.
take a look in labels package; use texdoctk utility to browse the
non-stand
Isn't there a label.sty in LaTeX ? I've used it for printing labels for
posters a long time back using perl to generate the numbers. Have to
look for the source though.
\Indraneel
On Sat, Sep 29, 2001 at 11:56:14AM -0400, Andrew Perrin wrote:
> Greetings.
>
> For a study, I need a lot of little
Andrew Perrin([EMAIL PROTECTED]) is reported to have said:
> Thanks for this suggestion... actually I found a useful little program
> that looks like it will do very nicely for me:
>
> http://www.red-bean.com/labelnation/
>
> It's a perl script that does labels from the command line. Very nice.
Thanks for this suggestion... actually I found a useful little program
that looks like it will do very nicely for me:
http://www.red-bean.com/labelnation/
It's a perl script that does labels from the command line. Very nice.
ap
--
At 11:56 Uhr -0400 29.9.2001, Andrew Perrin wrote:
these printed? I am really not happy about manually typing 8,000 numbers,
which I think would be necessary using the label templates in StarOffice,
Just an idea: output the numbers with tabs and newlines or whatever
typing codes staroffice/eta