Re: [GD-General] serial numbers
From: <cas...@ya...> - 2003-05-27 16:31:59
J C Lawrence wrote:
> Typical forms I've seen are a one-way hash a la MD5 of the public data,
> along with a secret. The resultant string (often with another secret)
> is then digitally signed with the resultant string, sometimes with a CRC
> or other padding data appended. The application then verifies the
> signature to check that the key is of valid form, and the central site
> can check that the key is legit.

Thanks, I was looking for something like that, but I still have a problem.

I create a message using the secret and the public data, and generate the key applying MD5 to it, so when the user logs in, he provides the previous key and the public data. I know the secret, so I can recompute the key and validate the key that the user provided. MD5 is not trivially reversible, so this seems to work.

However, if two users have the same name, the keys will also be the same, and some products don't require a username, so in that case I would have a single key! How can I solve that? I'd like to add a random part to the encoded message, but then I don't know how to validate it...

Thanks in advance,

Ignacio Castaño
cas...@ya...
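
One way to get the random part the message asks about, as an added example that is not part of the original post: carry the random value inside the key itself, so the verifier can read it back and recompute the keyed hash. The sketch swaps the MD5-of-secret-plus-data construction for HMAC-SHA256; the secret value, function names and key layout are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-secret"  # assumption: placeholder for the vendor-side secret
NONCE_LEN = 5    # random bytes carried in the key (makes every key unique)
TAG_LEN = 10     # truncated HMAC bytes carried in the key


def _tag(public_data: str, nonce: bytes) -> bytes:
    # Length-prefix the public data so different (data, nonce) pairs
    # can never produce the same MAC input.
    data = public_data.encode("utf-8")
    msg = len(data).to_bytes(2, "big") + data + nonce
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:TAG_LEN]


def make_key(public_data: str = "") -> str:
    """Issue a key; public_data may be empty for products without a username."""
    nonce = secrets.token_bytes(NONCE_LEN)
    raw = nonce + _tag(public_data, nonce)          # 15 bytes total
    text = base64.b32encode(raw).decode("ascii")    # 24 characters, no padding
    return "-".join(text[i:i + 6] for i in range(0, len(text), 6))


def verify_key(key: str, public_data: str = "") -> bool:
    """Split the key into nonce and tag, recompute the tag, compare."""
    try:
        raw = base64.b32decode(key.replace("-", "").upper())
    except (ValueError, TypeError):
        return False
    if len(raw) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = raw[:NONCE_LEN], raw[NONCE_LEN:]
    return hmac.compare_digest(tag, _tag(public_data, nonce))
```

Because verification needs `SECRET`, this check belongs on the central site; a check shipped inside the application would need a public-key signature instead, as the quoted reply describes.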