Securing 'pickle'

Paul Rubin http
Fri Jul 11 20:16:22 CEST 2003


Nagy László Zsolt <nagylzs at freemail.hu> writes:
> >Or is the checksum stored on the server, in some form of lookup
> >dictionary keyed by some user session identifier?
> >
> I think he wanted to write a digital signature instead. Right?

I used "cryptographic checksum" in a broad sense.  More specifically
the suggestion is to use a secret-key authentication code like HMAC-MD5.




More information about the Python-list mailing list