Simple encryption proposal. Comments ?
Thomas Weholt
2002 at weholt.org
Mon Dec 30 09:37:21 EST 2002
I'm allready using M2Crypto for SSL. Didn't think of the AuthCookies-part.
I'll look into it.
My web-server-app can run both with and wthout SSL, depending on the
presence of M2Crypto. That's why I decided to encrypt the cookies for some
extra security for users without M2Crypto installed. Now that I've been told
my encryption-scheme isn't exactly bulletproof, it might be more of an
annoyance for possible hackers than a security measure, but ....
Best regards,
Thomas
"Ng Pheng Siong" <ngps at netmemetic.com> wrote in message
news:auo5td$19i$1 at reader01.singnet.com.sg...
> According to Thomas Weholt <2002 at weholt.org>:
> > ( This is sort of a follow-up to my earlier question about encrypting
> > cookies in HTTP-requests, so if you have any encryption schemes suitable
for
> > that purpose, let me know )
>
> M2Crypto has unforgeable HMAC'ing AuthCookies. Take a look.
>
> Why do you want to encrypt your cookies?
>
>
> > I've come up with a very simple One-Time-Pad encryption scheme
>
> Sorry, it is probably not an OTP.
>
> Cheers.
>
> --
> Ng Pheng Siong <ngps at netmemetic.com> * http://www.netmemetic.com
>
More information about the Python-list
mailing list