Can anyone suggest a good crypto package?
FettManChu at gmail.com
Fri Sep 5 17:08:26 CEST 2008
On Sep 4, 8:04 pm, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> If you just want to authenticate the strings without confidentiality,
> use the built-in HMAC module. But beware of replay attacks.
I looked into this and it looks like I might be able to get by with
this. I didn't find this function before, I am asking my primary
customer if the signature would be sufficient.
I am having trouble seeing how I would post the encrypted data to a
website and get it back without it changing some. So this option might
work better for me (at least quicker), if he's ok with that option.
By replay attack I assume you mean posting old data with the signature
that is valid for that data? Thanks for the warning, I suppose I could
include a date/timestamp in the data.
Thanks again, this has been very helpful.
More information about the Python-list