No, the security bit changes as the end-user actions change.

In the spirit of fair play (and to see if I "smooched the 
pooched"(tm)) I will tell you where to begin:

Before the security bits are made, the below process is followed -

1) IP-based matching is done: only a certain internal sub-net is 
able to connect.
2) Next, mainframe authentication (userid/passwd) is done between 
two machines that are 15 feet apart - and that are not on the 
public Internet.
3) After the hand-shake, then a userid lookup table located on the 
server (which is only readable by www server ID and only writable 
by root via cron - and then must be eye-balled by a human) is read 
to determine the appropriate access level.
4) The system menu is created based upon this ID.
5) The security bit contains these items:  cookie, time-based, and 
one-way crypt'ed access key -- this is
6) then matched to an IP/UserID timed cookie on the server (one 
which expires if the user waits too long.)
7) The security bit sent to the user MUST match the security bit 
stored securely on the server.

That's it.  I wrote the whole 1,750 line program about 3 months 
after learning to program in Perl (back in 1997 and obviously it 
has had 5 years of maintenance, etc) and I "still strongly" feel 
that I have no idea what I am doing -- as my many illiterate posts 
to Usenet and various groups have shown/will likely prove...


After 5 years I think it is secure "enough" ... but I am crazy - 
call me thick skulled :]
-Sx-


On Monday, September 9, 2002, at 02:00  PM, Beanz wrote:

>
> On 9 September 2002 at 12:45, WC -Sx- Jones <[EMAIL PROTECTED]> wrote:
>>
>> Given:  fcjjf1CkQsV1IFCCJ25145245
>>
>> What do you think?  I would give you a better hint, but this is all a
>> hacker would have to go on...
>
> Is that really all they'd have? If I was a hacker, I'd try to get more
> than one example of the secret based on performing the same action and
> slightly different actions to see how it changed. (Perhaps it never
> changes and your statement is correct, but then I'm not sure how it
> would convey any significant information.)
>
> Cheers,
>  Beanz.
>
>
>
>
_Sx_________________________________________________________________
"iudicium ferat:  Perfer et obdura; dolor hic tibi proderit olim..."
          ,           ,
         /             \
        ((__-^^-,-^^-__))
         `-_---' `---_-'
          `--|o` 'o|--'
             \  `  /
              ): :(
              :o_o:
               "-"

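
Steps 5 to 7 of the message above, sketched as an added example; this is not the poster's program. Assumptions: HMAC-SHA256 from the core Digest::SHA module replaces the one-way crypt'ed key the post mentions, /dev/urandom is available, the hash %session stands in for the server-side IP/UserID timed cookie, and the key, timeout, addresses and user id are constructed.

```perl
# Added example, not the poster's program. HMAC-SHA256 stands in for the
# "one-way crypt'ed access key"; %session stands in for the server-side
# IP/UserID timed cookie. Key, timeout, IPs and user id are constructed.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SERVER_KEY = 'constructed-demo-key';   # assumed; keep the real one off the web root
my $MAX_IDLE   = 600;                      # assumed lifetime of the server-side record, seconds
my %session;                               # "ip|userid" => { bit => ..., issued => ... }

sub random_hex {                           # 16 random bytes as hex, from the OS
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read";
    return unpack 'H*', $buf;
}

# Step 5: the security bit = issue time, random nonce, keyed one-way digest.
sub issue_bit {
    my ($ip, $userid, $now) = @_;
    my $nonce = random_hex();
    my $mac   = hmac_sha256_hex("$ip|$userid|$now|$nonce", $SERVER_KEY);
    my $bit   = "$now.$nonce.$mac";
    $session{"$ip|$userid"} = { bit => $bit, issued => $now };
    return $bit;
}

# Compare without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Steps 6-7: the bit the user sends must match the stored one and still be fresh.
sub check_bit {
    my ($ip, $userid, $presented, $now) = @_;
    my $rec = $session{"$ip|$userid"} or return 'no-session';
    return 'expired' if $now - $rec->{issued} > $MAX_IDLE;
    return ct_eq($presented, $rec->{bit}) ? 'ok' : 'mismatch';
}

my $bit = issue_bit('192.0.2.10', 'jsmith', 1_000);          # constructed values
print join("\n",
    check_bit('192.0.2.10', 'jsmith', $bit,       1_060),    # same client, in time
    check_bit('192.0.2.10', 'jsmith', $bit . 'x', 1_060),    # altered bit
    check_bit('192.0.2.99', 'jsmith', $bit,       1_060),    # different IP
    check_bit('192.0.2.10', 'jsmith', $bit,       1_601)), "\n";  # idle too long
```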