On Sep 4, 8:04 pm, Paul Rubin <http://[EMAIL PROTECTED]> wrote: > If you just want to authenticate the strings without confidentiality, > use the built-in HMAC module. But beware of replay attacks.
I looked into this and it looks like I might be able to get by with this. I didn't find this function before, I am asking my primary customer if the signature would be sufficient. I am having trouble seeing how I would post the encrypted data to a website and get it back without it changing some. So this option might work better for me (at least quicker), if he's ok with that option. By replay attack I assume you mean posting old data with the signature that is valid for that data? Thanks for the warning, I suppose I could include a date/timestamp in the data. Thanks again, this has been very helpful. -- http://mail.python.org/mailman/listinfo/python-list