No, the security bit changes as the end-user actions change. In the spirit of fair play (and to see if I "smooched the pooched"(tm)) I will tell you where to begin:
Before the security bits are made, the below process is followed -

1) IP-based matching is done: only a certain internal sub-net is able to connect.
2) Next, mainframe authentication (userid/passwd) is done between two machines that are 15 feet apart - and that are not on the public Internet.
3) After the hand-shake, then a userid lookup table located on the server (which is only readable by www server ID and only writable by root via cron - and then must be eye-balled by a human) is read to determine the appropriate access level.
4) The system menu is created based upon this ID.
5) The security bit contains these items: cookie, time-based, and one-way crypt'ed access key -- this is
6) then matched to an IP/UserID timed cookie on the server (one which expires if the user waits too long.)
7) The security bit sent to the user MUST match the security bit stored securely on the server.

That's it. I wrote the whole 1,750 line program about 3 months after learning to program in Perl (back in 1997 and obviously it has had 5 years of maintenance, etc) and I "still strongly" feel that I have no idea what I am doing -- as my many illiterate posts to Usenet and various groups have shown/will likely prove...

After 5 years I think it is secure "enough" ... but I am crazy - call me thick skulled :]

-Sx-

On Monday, September 9, 2002, at 02:00 PM, Beanz wrote:

> On 9 September 2002 at 12:45, WC -Sx- Jones <[EMAIL PROTECTED]> wrote:
>>
>> Given: fcjjf1CkQsV1IFCCJ25145245
>>
>> What do you think? I would give you a better hint, but this is all a
>> hacker would have to go on...
>
> Is that really all they'd have? If I was a hacker, I'd try to get more
> than one example of the secret based on performing the same action and
> slightly different actions to see how it changed. (Perhaps it never
> changes and your statement is correct, but then I'm not sure how it
> would convey any significant information.)
>
> Cheers,
> Beanz.

_Sx_________________________________________________________________
"iudicium ferat: Perfer et obdura; dolor hic tibi proderit olim..."
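
A sketch of steps 5 to 7 of the message above (a token bound to IP and user ID, kept server-side, expiring when idle, and replaced after every action), added here as an illustration and not taken from the poster's Perl program. It is written in Python, uses HMAC-SHA256 with a random nonce in place of the one-way crypt the post mentions, and the names `TokenStore` and `IDLE_TIMEOUT` and the sample IP and user ID are assumptions.

```python
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 300  # seconds; assumed value, the post does not give one


class TokenStore:
    """Server-side record of the single token valid per (IP, user ID)."""

    def __init__(self, key=None, clock=time.time):
        self._key = key or secrets.token_bytes(32)  # never leaves the server
        self._clock = clock
        self._live = {}  # (ip, userid) -> (token, issued_at, access_level)

    def issue(self, ip, userid, access_level):
        """Steps 5-6: mint a token and store it against the IP/user ID."""
        now = self._clock()
        nonce = secrets.token_hex(16)  # unpredictable part; new for every token
        msg = f"{ip}|{userid}|{access_level}|{int(now)}|{nonce}".encode()
        token = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        self._live[(ip, userid)] = (token, now, access_level)
        return token

    def check(self, ip, userid, presented):
        """Step 7: the presented token must match the stored one and be fresh.

        Returns a replacement token on success (the token changes with every
        action) or None on failure. Any failure drops the stored token, so
        the user has to authenticate again (fail closed).
        """
        entry = self._live.pop((ip, userid), None)
        if entry is None:
            return None
        token, issued_at, access_level = entry
        if self._clock() - issued_at > IDLE_TIMEOUT:
            return None  # user waited too long
        if not hmac.compare_digest(token.encode(), presented.encode()):
            return None  # constant-time comparison; mismatch or replayed token
        return self.issue(ip, userid, access_level)


if __name__ == "__main__":
    store = TokenStore()
    first = store.issue("10.0.0.5", "sx", "admin")   # constructed sample values
    second = store.check("10.0.0.5", "sx", first)    # accepted, token rotated
    print(second is not None, store.check("10.0.0.5", "sx", first))  # old token rejected
```

Because the stored token is replaced on every accepted request, collecting several past tokens tells an observer nothing about the next one without the server key.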