On Thu, Apr 24, 2008 at 9:37 PM, Tyler Littlefield <[EMAIL PROTECTED]> wrote:

> If you want a one-way, I'd say sha1. If you want decompression, AES256 should
> be fine. You still didn't explain how strong you wanted it to be, though. I'm
> not too familiar with encryption algos, and which works best where, those are
> the ones I've used in the past.

I recently used a simple session-based scheme to encrypt passwords
for a SOAP client:

initiate session
send authentication request to server
get back a response with a nonce value based on the time
put password through sha1 digest
create a string with nonce + sha1 digest
create md5 digest from that string and send it back to server with username
server does the reverse to authenticate session
continue with requests and responses for distributed application

Not completely secure unless a secure transport layer is used, of
course, since the session id and the message digest could still be
snooped.

-- Brett

------------------------------------------------------------
"In the rhythm of music a secret is hidden;
 If I were to divulge it, it would overturn the world."
 -- Jelaleddin Rumi
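
The challenge-response exchange described in the message above, as an added example that is not part of the original email or the poster's code. It shows both sides plus the server-side checks that matter: single-use nonces and constant-time comparison. Assumptions: hex-encoded digests, a random suffix on the time-based nonce, and the hypothetical names `Server`, `client_response` and the sample user.

```python
import hashlib
import hmac
import secrets
import time

def sha1_hex(data: str) -> str:
    return hashlib.sha1(data.encode()).hexdigest()

def client_response(nonce: str, password: str) -> str:
    """Client side: md5(nonce + sha1(password)), as in the steps above."""
    return hashlib.md5((nonce + sha1_hex(password)).encode()).hexdigest()

class Server:
    def __init__(self, users):
        # The server stores sha1(password). That value is password-equivalent:
        # whoever reads it can compute a valid response, so protect it as a secret.
        self.stored = {u: sha1_hex(p) for u, p in users.items()}
        self.pending = {}  # session id -> nonce issued for that session

    def start_session(self):
        sid = secrets.token_hex(8)
        # Time-based nonce as in the message; the random suffix is an assumption
        # added here so two sessions opened in the same second get different nonces.
        nonce = f"{int(time.time())}-{secrets.token_hex(8)}"
        self.pending[sid] = nonce
        return sid, nonce

    def authenticate(self, sid, username, response):
        # pop() makes the nonce single-use, so a snooped response cannot be resent.
        nonce = self.pending.pop(sid, None)
        stored = self.stored.get(username)
        if nonce is None or stored is None:
            return False
        expected = hashlib.md5((nonce + stored).encode()).hexdigest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    server = Server({"alice": "correct horse"})  # constructed sample account
    sid, nonce = server.start_session()
    resp = client_response(nonce, "correct horse")
    first = server.authenticate(sid, "alice", resp)    # valid login
    replay = server.authenticate(sid, "alice", resp)   # same digest sent again
    sid2, nonce2 = server.start_session()
    wrong = server.authenticate(sid2, "alice", client_response(nonce2, "guess"))
    return first, replay, wrong

if __name__ == "__main__":
    print(demo())
```
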
