On Thu, Aug 28, 2008 at 04:11:41PM -0700, David Brown wrote: > HMAC(secret, counter)
I thought one of the conditions was to not store the secret on the server. HMACs would require the secret being on the gizmo and the server no? With those constraints wouldn't you have to do something like RSA where gizmo sends a digital signature of time stamp to server instead? Chris -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
