As I was mulling this over today (wandering aimlessly through the NC state fair), I realized that I had done something vaguely similar with a totally different strategy. Essentially, I heavily restricted write permissions to the directory where the tokens were to be *stored*, and had access to them (read and write) managed by a daemon, listening on an internet and/or unix domain socket. Therefore, the tokens themselves could be simple timestamps, and security was handled by the regular unix file permissions scheme. Clients requesting a token connected to the socket and were returned a token; users couldn't manipulate the tokens because they couldn't touch the files.
ap ---------------------------------------------------------------------- Andrew J Perrin - [EMAIL PROTECTED] - http://www.unc.edu/~aperrin Assistant Professor of Sociology, U of North Carolina, Chapel Hill 269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA On Thu, 18 Oct 2001, martin f krafft wrote: > * David J. Roundy <[EMAIL PROTECTED]> [2001.10.18 10:52:52-0700]: > > If the attacker knows the algorithm (although not the prime number) this is > > unfortunately trivial to crack: they just have to guess the time that is > > encoded by the timestamp. :( > > look at my code. it should be obvious that i am not looking for > something incredibly secure. so while i appreciate all your work, i > think i can quite well settle with what i've got now... > > thanks though... > > -- > martin; (greetings from the heart of the sun.) > \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] > > "time flies like an arrow. fruit flies like a banana." > -- groucho marx >
